| VID |
23333 |
| Severity |
20 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
The version of Samba running on the remote host is 4.15.x prior to 4.15.12.
It is, therefore, potentially affected by a buffer overflow condition in the bundled Kerberos libraries due to a miss calculation of bytes to allocate for a buffer. An authenticated, remote attacker can exploit this, via a specially crafted ticket containing Privilege Attribute Certificates, to cause a denial of service condition or read beyond the memory bounds.
* References:
https://www.samba.org/samba/security/CVE-2022-42898.html
* Platforms Affected:
Samba Project, Samba versions 4.15.x prior to 4.15.12
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba 4.15.12 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
| Related URL |
CVE-2022-42898 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
