October 27, 2022
SAMBA patches vulnerabilities that allow remote code execution and data disclosure
Samba has released patches and a security advisory addressing two vulnerabilities in all versions of Samba prior to 4.17.0 that could allow attackers to execute code remotely and gain access to the entire file system of a server running vulnerable software.
- CVE-2022-3437 (CVSS 3.1: 5.9, Medium) – a limited-write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (bundled with Samba) that allows an attacker to run code remotely by sending a maliciously small packet.
- CVE-2022-3592 (CVSS 3.1: 5.4, Medium) – a symlink-handling vulnerability that allows a user to construct a symbolic link which causes smbd to escape the configured share path.
Exploiting the vulnerability allows the attacker access to the whole file system of the server.
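To illustrate the defect class behind CVE-2022-3592 from the defensive side, here is an added example (not Samba's code; the share layout, file names and helper functions are constructed for the demo) that resolves every symlink component of a requested path and allows it only when the result still lies under the share root:

```python
import os
import tempfile
from pathlib import Path


def is_confined(share_root: str, relative_path: str) -> bool:
    """Return True only if the fully resolved target stays inside the share.

    The share root is resolved first so a root that is itself a symlink does
    not cause false rejections; the request is then joined and resolved, with
    every symlink component followed, before the containment test.
    """
    root = os.path.realpath(share_root)
    target = os.path.realpath(os.path.join(root, relative_path))
    # commonpath compares whole components, so /srv/share2 is not mistaken
    # for a child of /srv/share the way a str.startswith check would.
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:
        return False  # mixed absolute/relative paths or different drives


def build_demo_share() -> dict:
    """Construct a throwaway share with one inside link and one escaping link."""
    base = tempfile.mkdtemp(prefix="share-demo-")
    share = Path(base, "share")
    outside = Path(base, "outside")
    share.mkdir()
    outside.mkdir()
    (share / "docs").mkdir()
    (share / "docs" / "readme.txt").write_text("inside the share\n")
    (outside / "secret.txt").write_text("outside the share\n")
    os.symlink(share / "docs", share / "docs-link")  # stays within the share
    os.symlink(outside, share / "escape")            # points outside the share
    return {"root": str(share), "outside": str(outside)}


def triage(share_root: str, requests: list) -> dict:
    """Map each requested path to True (allowed) or False (escapes the share)."""
    return {req: is_confined(share_root, req) for req in requests}


if __name__ == "__main__":
    demo = build_demo_share()
    reqs = ["docs/readme.txt", "docs-link/readme.txt",
            "escape/secret.txt", "../outside/secret.txt"]
    for req, ok in triage(demo["root"], reqs).items():
        print(f"{'allow' if ok else 'deny '}  {req}")
```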
Affected Versions and Platforms:
- CVE-2022-3437 – All versions of Samba since Samba 4.0 compiled with Heimdal Kerberos.
- CVE-2022-3592 – All versions of Samba since 4.17.0.
Mitigation and Workaround:
- CVE-2022-3437 – CYREBRO urges all clients to install Samba 4.17.2 or apply the following workarounds to patch the vulnerability as soon as possible.
- CVE-2022-3592 – CYREBRO urges all clients to acquire security updates for 4.15.11, 4.16.6, and 4.17.2. This issue can be resolved by compiling Samba with --with-system-mitkrb5.
References: Samba Security Advisory