The Samba-Bugzilla – Attachment 17334 Details for
Bug 15085
[SECURITY] CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Proposed final CVE text.
CVE-2022-32742.txt (text/plain), 2.32 KB, created by
Jeremy Allison
on 2022-06-09 16:38:13 UTC
(
hide
)
Description:
Proposed final CVE text.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2022-06-09 16:38:13 UTC
Size:
2.32 KB
patch
obsolete
>==================================================================== >== Subject: Server memory information leak via SMB1. >== >== CVE ID#: CVE-2022-32742 >== >== Versions: All versions of Samba. >== >== Summary: SMB1 Client with write access to a share can cause >== server memory contents to be written into a file >== or printer. >== >==================================================================== > >=========== >Description >=========== > >Please note that only versions of Samba prior to 4.11.0 are vulnerable >to this bug by default. Samba versions 4.11.0 and above disable SMB1 >by default, and will only be vulnerable if the administrator has >deliberately enabled SMB1 in the smb.conf file. > >All versions of Samba with SMB1 enabled are vulnerable to a server >memory information leak bug over SMB1 if a client can write data to a >share. Some SMB1 write requests were not correctly range checked to >ensure the client had sent enough data to fulfill the write, allowing >server memory contents to be written into the file (or printer) >instead of client supplied data. The client cannot control the area of >the server memory that is written to the file (or printer). > >================== >Patch Availability >================== > >A patch addressing this defect has been posted to > > http://www.samba.org/samba/security/ > >Additionally, Samba 4.16.2, 4.15.8 and 4.14.13 have been issued as >security releases to correct the defect. Patches against older Samba >versions are available at http://samba.org/samba/patches/. Samba >vendors and administrators running affected versions are advised to >upgrade or apply the patch as soon as possible. > >================== >CVSSv3.1 calculation >================== > >CVSS:AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C/CR:M/IR:L/AR:L/MAV:N/MAC:H/MPR:L/MUI:N/MS:U/MC:X/MI:N/MA:N > >base score of 2.9. > >========== >Workaround >========== > >This is an SMB1-only vulnerability. Since Samba release 4.11.0 SMB1 >has been disabled by default. We do not recommend enabling SMB1 server >support. For Samba versions prior to 4.11.0 please disable SMB1 by >adding > >server min protocol = SMB2_02 > >to the [global] section of your smb.conf and restarting smbd. > >======= >Credits >======= > >This problem was reported by Luca Moro working with Trend Micro Zero >Day Initiative. Jeremy Allison of Google and the Samba Team provided >the fix.
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
ddiss
:
review+
Actions:
View
Attachments on
bug 15085
:
17318
|
17319
|
17322
|
17323
|
17324
|
17325
|
17326
|
17327
|
17329
|
17334
|
17335
|
17336
|
17348
|
17349
|
17378
|
17393
|
17427
|
17434
|
17447