Samba 4.17.2, 4.16.6, and 4.15.11 have been released as corrective updates addressing two vulnerabilities. You can track the availability of package updates in the following distributions on their respective pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.
- CVE-2022-3437 — A buffer overflow in the unwrap_des() and unwrap_des3() functions of the GSSAPI library from the Heimdal package (shipped with Samba since version 4.0). The vulnerability can be exploited by sending a specially crafted packet to systems that use GSSAPI; for example, it affects the SMB1-based client and file server implementations, DCE/RPC, and Active Directory domain controllers. Systems built with MIT Kerberos (--with-system-mitkrb5) instead of Heimdal are not affected.
- CVE-2022-3592 - Possibility of escaping the exported directory and accessing any file on the server through symbolic link manipulation. The issue is specific to Samba 4.17 and is caused by an error in the new user-space code for handling symbolic links (it lacked a check for whether the link's target directory lay outside the exported directory). The vulnerability can be exploited by a client with write access to the exported share, provided over SMB1 or NFS, protocols that allow the creation of symbolic links.
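The following is an added example, not Samba's code, of the kind of containment check the CVE-2022-3592 description says was missing: given an exported directory and a symbolic link inside it, decide whether the link resolves to a location outside the export. Both paths are canonicalised with `os.path.realpath` so that `..` components and chained links are followed before comparison; a naive string-prefix test on the link text would not catch them. The directory layout and file names in `demo()` are constructed for this example.

```python
import os
import tempfile


def target_escapes_share(share_root: str, link_path: str) -> bool:
    """Return True when link_path, after following every symlink and '..'
    component, resolves to a location outside share_root.

    os.path.realpath canonicalises both sides, so chained links, relative
    targets and parent-directory components are all resolved before the
    comparison. commonpath() equals the root only when the resolved path
    is the root itself or somewhere beneath it.
    """
    root = os.path.realpath(share_root)
    resolved = os.path.realpath(link_path)
    return os.path.commonpath([root, resolved]) != root


def demo() -> dict:
    """Build a constructed share layout in a temporary directory and classify
    three links with target_escapes_share().

    Layout (all names constructed for this example):
      <tmp>/share/            the exported directory
      <tmp>/share/data.txt    a regular file inside the share
      <tmp>/outside/secret    a file outside the share
      <tmp>/share/ok       -> data.txt            stays inside
      <tmp>/share/esc      -> ../outside/secret   escapes
      <tmp>/share/chained  -> esc                 escapes via a link to a link
    """
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        outside = os.path.join(tmp, "outside")
        os.makedirs(share)
        os.makedirs(outside)
        with open(os.path.join(share, "data.txt"), "w") as fh:
            fh.write("constructed share content\n")
        with open(os.path.join(outside, "secret"), "w") as fh:
            fh.write("constructed file outside the share\n")

        # Relative link targets: the shapes a containment check must classify.
        os.symlink("data.txt", os.path.join(share, "ok"))
        os.symlink(os.path.join("..", "outside", "secret"), os.path.join(share, "esc"))
        os.symlink("esc", os.path.join(share, "chained"))

        return {
            name: target_escapes_share(share, os.path.join(share, name))
            for name in ("ok", "esc", "chained")
        }


if __name__ == "__main__":
    for name, escapes in demo().items():
        print(f"{name}: {'ESCAPES export' if escapes else 'inside export'}")
```

One caveat a file server must respect: a check performed on a path string before the file is opened is racy, because a client with write access can replace the link between the check and the open. A production implementation has to apply the containment rule to each path component as it is actually opened (openat-style traversal with symlink following disabled) rather than on a string computed beforehand.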
Source: opennet.ru
