The Samba-Bugzilla – Attachment 17539 Details for Bug 15134: CVE-2022-3437 [SECURITY] Heimdal des/des3 overflow

Initial advisory without versions or CVE number
des3-advisory.txt (text/plain), 2.27 KB, created by Andrew Bartlett on 2022-10-06 02:04:22 UTC

===========================================================
== Subject:     Buffer overflow
==
== CVE ID#:
==
== Versions:    All versions of Samba since Samba 4.0 compiled
==              with Heimdal Kerberos
==
== Summary:     There is a limited write buffer overflow in
==              the GSSAPI unwrap_des() and unwrap_des3()
==              routines of Heimdal (included in Samba).
===========================================================

===========
Description
===========

The DES (for Samba 4.11 and earlier) and Triple-DES decryption
routines in the Heimdal GSSAPI library allow a small buffer
overflow when presented with a maliciously small packet.

Examples of where Samba can use GSSAPI include the client and
fileserver for SMB1 (unix extensions), DCE/RPC in all use cases and
LDAP in the Active Directory Domain Controller.

Not all Samba installations are impacted. Samba can be compiled to
use the system (typically MIT) Kerberos using the
--with-system-mitkrb5 argument and these installations are not
impacted, as the vulnerable code is not compiled.

However when compiled to use the internal Heimdal Kerberos library
(the default), which provides this routine, Samba is vulnerable.

The primary use of Samba's internal Heimdal is for the Samba AD DC,
but this can impact fileserver deployments with the default build
options.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L (5.9)

==========
Workaround
==========

Compiling Samba with --with-system-mitkrb5 will avoid this issue.

=======
Credits
=======

Originally reported by Evgeny Legerov of Intevydis

Patches provided by Joseph Sutton of Catalyst and the Samba Team,
advisory written by Andrew Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================