Detections
Analytics

Amazon Linux 2022 : samba (ALAS2022-2022-213)

high Nessus Plugin ID 168577

Language:

Synopsis

The remote Amazon Linux 2022 host is missing a security update.

Description

The version of samba installed on the remote host is prior to 4.16.5-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-213 advisory.

 - A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. (CVE-2020-17049)

 - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)

 - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)

 - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)

 - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update samba' to update your system.

See Also

https://alas.aws.amazon.com/AL2022/ALAS-2022-213.html

https://alas.aws.amazon.com/cve/html/CVE-2020-17049.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32742.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32744.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32745.html

https://alas.aws.amazon.com/cve/html/CVE-2022-32746.html

Plugin Details

Severity: High

ID: 168577

File Name: al2022_ALAS2022-2022-213.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/9/2022

Updated: 12/11/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2020-17049

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-32744

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:libsmbclient, p-cpe:/a:amazon:linux:samba, p-cpe:/a:amazon:linux:samba-pidl, p-cpe:/a:amazon:linux:libsmbclient-debuginfo, p-cpe:/a:amazon:linux:libwbclient, p-cpe:/a:amazon:linux:samba-common-libs, p-cpe:/a:amazon:linux:samba-test-libs-debuginfo, p-cpe:/a:amazon:linux:samba-libs, p-cpe:/a:amazon:linux:samba-vfs-iouring, p-cpe:/a:amazon:linux:samba-winbind-krb5-locator, p-cpe:/a:amazon:linux:samba-dc-bind-dlz, p-cpe:/a:amazon:linux:samba-common-tools-debuginfo, p-cpe:/a:amazon:linux:samba-dc-debuginfo, p-cpe:/a:amazon:linux:samba-debugsource, p-cpe:/a:amazon:linux:ctdb-debuginfo, p-cpe:/a:amazon:linux:samba-test, p-cpe:/a:amazon:linux:samba-client-libs, p-cpe:/a:amazon:linux:samba-client-debuginfo, p-cpe:/a:amazon:linux:ctdb, p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo, p-cpe:/a:amazon:linux:samba-dc, p-cpe:/a:amazon:linux:samba-test-libs, p-cpe:/a:amazon:linux:samba-winbind-debuginfo, p-cpe:/a:amazon:linux:libwbclient-debuginfo, cpe:/o:amazon:linux:2022, p-cpe:/a:amazon:linux:libwbclient-devel, p-cpe:/a:amazon:linux:samba-winbind-clients, p-cpe:/a:amazon:linux:samba-common-libs-debuginfo, p-cpe:/a:amazon:linux:samba-client-libs-debuginfo, p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo, p-cpe:/a:amazon:linux:python3-samba-debuginfo, p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo, p-cpe:/a:amazon:linux:samba-krb5-printing, p-cpe:/a:amazon:linux:samba-libs-debuginfo, p-cpe:/a:amazon:linux:samba-winbind, p-cpe:/a:amazon:linux:samba-debuginfo, p-cpe:/a:amazon:linux:python3-samba, p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo, p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo, p-cpe:/a:amazon:linux:samba-client, p-cpe:/a:amazon:linux:python3-samba-test, p-cpe:/a:amazon:linux:samba-common-tools, p-cpe:/a:amazon:linux:samba-dc-provision, p-cpe:/a:amazon:linux:samba-devel, p-cpe:/a:amazon:linux:samba-common, p-cpe:/a:amazon:linux:libsmbclient-devel, p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo, p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo, p-cpe:/a:amazon:linux:samba-dc-libs, p-cpe:/a:amazon:linux:python3-samba-dc, p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo, p-cpe:/a:amazon:linux:samba-winbind-modules, p-cpe:/a:amazon:linux:samba-test-debuginfo, p-cpe:/a:amazon:linux:python3-samba-devel

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2022

Vulnerability Publication Date: 11/10/2020

Reference Information

CVE: CVE-2020-17049, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746

IAVA: 2022-A-0299-S