The Samba-Bugzilla – Attachment 17541 Details for Bug 15134: CVE-2022-3437 [SECURITY] Heimdal des/des3 overflow
Initial advisory without versions or CVE number (v3)
des3-advisory.txt (text/plain), 2.46 KB, created by Andrew Bartlett on 2022-10-06 03:56:50 UTC
>===========================================================
>== Subject:     Buffer overflow
>==
>== CVE ID#:
>==
>== Versions:    All versions of Samba since Samba 4.0 compiled
>==              with Heimdal Kerberos
>==
>== Summary:     There is a limited write heap buffer overflow
>==              in the GSSAPI unwrap_des() and unwrap_des3()
>==              routines of Heimdal (included in Samba).
>===========================================================
>
>===========
>Description
>===========
>
>The DES (for Samba 4.11 and earlier) and Triple-DES decryption
>routines in the Heimdal GSSAPI library allow a length-limited write
>buffer overflow on malloc() allocated memory when presented with a
>maliciously small packet.
>
>Examples of where Samba can use GSSAPI include the client and
>fileserver for SMB1 (unix extensions), DCE/RPC in all use cases and
>LDAP in the Active Directory Domain Controller.
>
>However not all Samba installations are impacted! Samba is often
>compiled to use the system MIT Kerberos using the
>--with-system-mitkrb5 argument and these installations are not
>impacted, as the vulnerable code is not compiled into Samba.
>
>However when, as is the default, Samba is compiled to use the internal
>Heimdal Kerberos library the vulnerable unwrap_des3() is used.
>
>(The single-DES use case, along with the equally vulnerable
>unwrap_des() is only compiled into Samba 4.11 and earlier).
>
>The primary use of Samba's internal Heimdal is for the Samba AD DC,
>but this vulnerability does impact fileserver deployments built with
>the default build options.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba $VERSIONS have been issued
>as security releases to correct the defect. Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L (5.9)
>
>==========
>Workaround
>==========
>
>Compiling Samba with --with-system-mitkrb5 will avoid this issue.
>
>=======
>Credits
>=======
>
>Originally reported by Evgeny Legerov of Intevydis.
>
>Patches provided by Joseph Sutton of Catalyst and the Samba Team,
>advisory written by Andrew Bartlett of Catalyst and the Samba Team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
Flags: jsutton: review+