The Samba-Bugzilla – Attachment 17379 Details for
Bug 15008
CVE-2022-32745 [SECURITY] Collecting attribute values for LDB add/modify can result in out-of-bounds access
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
advisory v2
advisory_v2.txt (text/plain), 1.81 KB, created by
Jennifer Sutton
on 2022-06-21 02:10:56 UTC
(
hide
)
Description:
advisory v2
Filename:
MIME Type:
Creator:
Jennifer Sutton
Created:
2022-06-21 02:10:56 UTC
Size:
1.81 KB
patch
obsolete
>=========================================================== >== Subject: Samba AD users can crash the server process with an >== LDAP add or modify request. >== >== CVE ID#: CVE-2022-32745 >== >== Versions: Samba 4.16, 4.15.2, 4.14.10, 4.13.14, and later >== >== Summary: Samba AD users can cause the server to access >== uninitialised data with an LDAP add or modify request, >== usually resulting in a segmentation fault. >=========================================================== > >=========== >Description >=========== > >Due to incorrect values used as the limit for a loop and as the >'count' parameter to memcpy(), the server, receiving a specially >crafted message, leaves an array of structures partially >uninitialised, or accesses an arbitrary element beyond the end of an >array. > >Outcomes achievable by an attacker include segmentation faults and >corresponding loss of availability. Depending on the contents of the >uninitialised memory, confidentiality may also be affected. > >================== >Patch Availability >================== > >Patches addressing both these issues have been posted to: > > https://www.samba.org/samba/security/ > >Additionally, Samba 4.14.next, 4.15.next, and 4.16.next have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >================== >CVSSv3 calculation >================== > >CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L (5.4) > >========== >Workaround >========== > >None. > >======= >Credits >======= > >Initial report, patches, and this advisory by Joseph Sutton of >Catalyst and the Samba Team. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >==========================================================
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 15008
:
17203
|
17204
|
17317
|
17340
|
17341
|
17343
| 17379