The Samba-Bugzilla – Attachment 17324 Details for Bug 15085
[SECURITY] CVE-2022-32742: SMB1 code does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths.
Draft CVE announcement
CVE-TBD.txt (text/plain), 2.06 KB, created by Jeremy Allison on 2022-06-07 19:41:03 UTC
====================================================================
== Subject:     Server memory information leak via SMB1 only.
==
== CVE ID#:     CVE-2022-TBD
==
== Versions:    All versions of Samba.
==
== Summary:     SMB1 Client with write access to a share can cause
==              server memory contents to be written into a file
==              or printer.
==
====================================================================

===========
Description
===========

Please note that SMB1 is *NOT* enabled by default, only sites where
SMB1 has been enabled by the administrator are vulnerable to this bug.

All versions of Samba are vulnerable to a server memory information
leak bug over SMB1 if a client can write data to a share. Some SMB1
write requests were not correctly range checked to ensure the client
had sent enough data to fulfill the write, allowing server memory
contents to be written into the file (or printer) instead of client
supplied data. The client cannot control the area of the server memory
that is written to the file (or printer).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

    http://www.samba.org/samba/security/

Additionally, Samba 4.16.x, 4.15.x and 4.14.x have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==================
CVSSv3.1 calculation
==================

CVSS:AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C/CR:M/IR:L/AR:L/MAV:N/MAC:H/MPR:L/MUI:N/MS:U/MC:X/MI:N/MA:N

base score of 2.9

==========
Workaround
==========

This is an SMB1-only vulnerability. Since Samba release 4.11.0 SMB1
has been disabled by default. Do not turn on SMB1 serving unless
required for your specific clients.

=======
Credits
=======

This problem was reported by Luca Moro working with Trend Micro Zero
Day Initiative. Jeremy Allison of Google and the Samba Team provided
the fix.
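
An added illustration of the kind of range check the Description says was missing: confirming that the payload length a client claims fits inside the bytes the server actually received. This is not Samba's code or the posted patch; `struct write_req`, `write_len_ok` and `do_write` are hypothetical names in a simplified model, not the SMB1 wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified request model; NOT the SMB1 wire format. */
struct write_req {
    const uint8_t *buf; /* bytes actually received from the client */
    size_t buf_len;     /* how many bytes were received */
    size_t data_off;    /* where the client says its payload starts */
    size_t count;       /* how many payload bytes the client claims */
};

/* 1 if the claimed payload lies wholly inside the received bytes. */
int write_len_ok(const struct write_req *r)
{
    if (r->data_off > r->buf_len)
        return 0;
    /* Compare with the bytes remaining, so data_off + count cannot wrap. */
    return r->count <= r->buf_len - r->data_off;
}

/* Copy the payload into dst (standing in for the file or printer).
 * Returns bytes written, or -1 if the request is rejected. */
long do_write(const struct write_req *r, uint8_t *dst, size_t dst_len)
{
    if (!write_len_ok(r) || r->count > dst_len)
        return -1; /* without this check, memcpy would read past buf */
    memcpy(dst, r->buf + r->data_off, r->count);
    return (long)r->count;
}

int main(void)
{
    uint8_t pkt[16] = {0}, out[64]; /* constructed 16-byte request */
    struct write_req ok = { pkt, sizeof pkt, 4, 12 };   /* fits exactly */
    struct write_req over = { pkt, sizeof pkt, 4, 13 }; /* one byte short */
    printf("ok=%ld over=%ld\n", do_write(&ok, out, sizeof out),
           do_write(&over, out, sizeof out));
    return 0;
}
```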