CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-42898 – krb5: integer overflow vulnerabilities in PAC parsing
https://notcve.org/view.php?id=CVE-2022-42898
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." El análisis sintáctico de PAC en MIT Kerberos 5 (también conocido como krb5) antes de 1.19.4 y 1.20.x antes de 1.20.1 tiene desbordamientos de enteros que pueden conducir a la ejecución remota de código (en KDC, kadmind, o un servidor de aplicaciones GSS o Kerberos) en plataformas de 32 bits (que tienen un desbordamiento de búfer resultante), y causar una denegación de servicio en otras plataformas. Esto ocurre en krb5_pac_parse en lib/krb5/krb/pac.c. • https://bugzilla.samba.org/show_bug.cgi?id=15203 https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 https://security.gentoo.org/glsa/202309-06 https://security.gentoo.org/glsa/202310-06 https://security.netapp.com/advisory/ntap-20230216-0008 https://security.netapp.com/advisory/ntap-20230223-0001 https://web.mit.edu/kerberos/advisories https://web.mit.edu/kerberos/krb5-1.19 https://web& • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32743
https://notcve.org/view.php?id=CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Samba no comprueba el derecho Validated-DNS-Host-Name para el atributo dNSHostName, lo que podría permitir a usuarios no privilegiados escribirlo • https://bugzilla.samba.org/show_bug.cgi?id=14833 https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P https://security.gentoo.org/glsa/202309-06 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1615 – samba: GnuTLS gnutls_rnd() can fail and give predictable random values
https://notcve.org/view.php?id=CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. En Samba, la función GnuTLS gnutls_rnd() puede fallar y dar valores aleatorios predecibles A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails. • https://bugzilla.samba.org/show_bug.cgi?id=15103 https://gitlab.com/samba-team/samba/-/merge_requests/2644 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2022-1615 https://bugzilla.redhat.com/show_bug.cgi?id=2122649 • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3670
https://notcve.org/view.php?id=CVE-2021-3670
MaxQueryDuration not honoured in Samba AD DC LDAP MaxQueryDuration no es cumplido en Samba AD DC LDAP • https://bugzilla.redhat.com/show_bug.cgi?id=2077533 https://bugzilla.samba.org/show_bug.cgi?id=14694 https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002 https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393 https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2031
https://notcve.org/view.php?id=CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. Se ha encontrado un fallo en Samba. Una vulnerabilidad de seguridad es producida cuando el KDC y el servicio kpasswd comparten una misma cuenta y un mismo conjunto de claves, lo que les permite descifrar los tickets del otro. • https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2022-2031.html • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •