SB2023072919 - openEuler 22.03 LTS SP1 update for samba

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-2127)

The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in winbindd_pam_auth_crap.c in winbind AUTH_CRAP when performing NTLM authentication. A remote attacker can trigger an out-of-bounds read error and gain access to sensitive information or crash the server.

2) Security features bypass (CVE-ID: CVE-2023-3347)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to SMB2 packet signing feature is not enforced if the server is configured with the "server signing = required" option or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. A remote attacker can intercept and manipulate data.

3) Infinite loop (CVE-ID: CVE-2023-34966)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing Spotlight mdssvc RPC packets. A remote attacker can consume all available system resources and cause denial of service conditions on servers where Spotlight is explicitly enabled globally or on individual shares with "spotlight = yes".

4) Type Confusion (CVE-ID: CVE-2023-34967)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when parsing Spotlight mdssvc RPC packets. A remote attacker can send specially crafted data to the server, trigger a type confusion error and crash the server.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1452