CVE-2022-1615 – samba: GnuTLS gnutls_rnd() can fail and give predictable random values
https://notcve.org/view.php?id=CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. En Samba, la función GnuTLS gnutls_rnd() puede fallar y dar valores aleatorios predecibles A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails. • https://bugzilla.samba.org/show_bug.cgi?id=15103 https://gitlab.com/samba-team/samba/-/merge_requests/2644 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P https://security.gentoo.org/glsa/202309-06 https://access.redhat.com/security/cve/CVE-2022-1615 https://bugzilla.redhat.com/show_bug.cgi?id=2122649 • CWE-330: Use of Insufficiently Random Values •
CVE-2022-32743
https://notcve.org/view.php?id=CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Samba no comprueba el derecho Validated-DNS-Host-Name para el atributo dNSHostName, lo que podría permitir a usuarios no privilegiados escribirlo • https://bugzilla.samba.org/show_bug.cgi?id=14833 https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P https://security.gentoo.org/glsa/202309-06 • CWE-276: Incorrect Default Permissions •
CVE-2022-29154 – rsync: remote arbitrary files write inside the directories of connecting peers
https://notcve.org/view.php?id=CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). Se ha detectado un problema en rsync versiones anteriores a 3.2.5, que permite a servidores remotos maliciosos escribir archivos arbitrarios dentro de los directorios de los pares conectados. • https://github.com/EgeBalci/CVE-2022-29154 http://www.openwall.com/lists/oss-security/2022/08/02/1 https://github.com/WayneD/rsync/tags https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2 https://access.redhat.com/security/cve/CVE-2022-29154 https://bugzilla.redhat.com/show_bug.cgi?id=2110928 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-32742 – Samba SMB1 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). Se ha encontrado un fallo en Samba. Algunas solicitudes de escritura de SMB1 no son comprobaban correctamente para asegurar que el cliente había enviado suficientes datos para completar la escritura, lo que permitía que el contenido de la memoria del servidor fuera escrita en el archivo (o impresora) en lugar de los datos proporcionados por el cliente. • https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2022-32742.html https://access.redhat.com/security/cve/CVE-2022-32742 https://bugzilla.redhat.com/show_bug.cgi?id=2108196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-3670
https://notcve.org/view.php?id=CVE-2021-3670
MaxQueryDuration not honoured in Samba AD DC LDAP MaxQueryDuration no es cumplido en Samba AD DC LDAP • https://bugzilla.redhat.com/show_bug.cgi?id=2077533 https://bugzilla.samba.org/show_bug.cgi?id=14694 https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002 https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393 https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803 • CWE-400: Uncontrolled Resource Consumption •