The Samba-Bugzilla – Attachment 17378 Details for
Bug 15085
[SECURITY] CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
updated avisory with CVSS 3.1 string and score only
CVE-2022-32742-advisory-v2.txt (text/plain), 2.24 KB, created by
Andrew Bartlett
on 2022-06-21 00:19:57 UTC
(
hide
)
Description:
updated avisory with CVSS 3.1 string and score only
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2022-06-21 00:19:57 UTC
Size:
2.24 KB
patch
obsolete
>==================================================================== >== Subject: Server memory information leak via SMB1. >== >== CVE ID#: CVE-2022-32742 >== >== Versions: All versions of Samba. >== >== Summary: SMB1 Client with write access to a share can cause >== server memory contents to be written into a file >== or printer. >== >==================================================================== > >=========== >Description >=========== > >Please note that only versions of Samba prior to 4.11.0 are vulnerable >to this bug by default. Samba versions 4.11.0 and above disable SMB1 >by default, and will only be vulnerable if the administrator has >deliberately enabled SMB1 in the smb.conf file. > >All versions of Samba with SMB1 enabled are vulnerable to a server >memory information leak bug over SMB1 if a client can write data to a >share. Some SMB1 write requests were not correctly range checked to >ensure the client had sent enough data to fulfill the write, allowing >server memory contents to be written into the file (or printer) >instead of client supplied data. The client cannot control the area of >the server memory that is written to the file (or printer). > >================== >Patch Availability >================== > >A patch addressing this defect has been posted to > > http://www.samba.org/samba/security/ > >Additionally, Samba 4.16.2, 4.15.8 and 4.14.13 have been issued as >security releases to correct the defect. Patches against older Samba >versions are available at http://samba.org/samba/patches/. Samba >vendors and administrators running affected versions are advised to >upgrade or apply the patch as soon as possible. > >================== >CVSSv3.1 calculation >================== > >CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (4.3) > >========== >Workaround >========== > >This is an SMB1-only vulnerability. Since Samba release 4.11.0 SMB1 >has been disabled by default. We do not recommend enabling SMB1 server >support. For Samba versions prior to 4.11.0 please disable SMB1 by >adding > >server min protocol = SMB2_02 > >to the [global] section of your smb.conf and restarting smbd. > >======= >Credits >======= > >This problem was reported by Luca Moro working with Trend Micro Zero >Day Initiative. Jeremy Allison of Google and the Samba Team provided >the fix.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17378">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 15085
:
17318
|
17319
|
17322
|
17323
|
17324
|
17325
|
17326
|
17327
|
17329
|
17334
|
17335
|
17336
|
17348
|
17349
| 17378 |
17393
|
17427
|
17434
|
17447