CVE-2022-42898 – krb5: integer overflow vulnerabilities in PAC parsing
https://notcve.org/view.php?id=CVE-2022-42898
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
• https://bugzilla.samba.org/show_bug.cgi?id=15203
• https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
• https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583
• https://security.gentoo.org/glsa/202309-06
• https://security.gentoo.org/glsa/202310-06
• https://security.netapp.com/advisory/ntap-20230216-0008
• https://security.netapp.com/advisory/ntap-20230223-0001
• https://web.mit.edu/kerberos/advisories
• https://web.mit.edu/kerberos/krb5-1.19
• https://web&
• CWE-190: Integer Overflow or Wraparound
CVE-2022-1615 – samba: GnuTLS gnutls_rnd() can fail and give predictable random values
https://notcve.org/view.php?id=CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails.
• https://bugzilla.samba.org/show_bug.cgi?id=15103
• https://gitlab.com/samba-team/samba/-/merge_requests/2644
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P
• https://security.gentoo.org/glsa/202309-06
• https://access.redhat.com/security/cve/CVE-2022-1615
• https://bugzilla.redhat.com/show_bug.cgi?id=2122649
• CWE-330: Use of Insufficiently Random Values
CVE-2022-32743
https://notcve.org/view.php?id=CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute, which could permit unprivileged users to write it.
• https://bugzilla.samba.org/show_bug.cgi?id=14833
• https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P
• https://security.gentoo.org/glsa/202309-06
• CWE-276: Incorrect Default Permissions
CVE-2022-32742 – Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
• https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html
• https://security.gentoo.org/glsa/202309-06
• https://www.samba.org/samba/security/CVE-2022-32742.html
• https://access.redhat.com/security/cve/CVE-2022-32742
• https://bugzilla.redhat.com/show_bug.cgi?id=2108196
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-3670
https://notcve.org/view.php?id=CVE-2021-3670
MaxQueryDuration not honoured in Samba AD DC LDAP.
• https://bugzilla.redhat.com/show_bug.cgi?id=2077533
• https://bugzilla.samba.org/show_bug.cgi?id=14694
• https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
• https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
• https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393
• https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
• https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
• CWE-400: Uncontrolled Resource Consumption