CVE-2022-32742

Published: 27 Jul 2022
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

Mitigation

This is an SMB1-only vulnerability. Since Samba release 4.11.0, SMB1 has been disabled by default. We do not recommend enabling SMB1 server support. For Samba versions prior to 4.11.0, please disable SMB1 by adding

server min protocol = SMB2_02

to the [global] section of your smb.conf and restarting smbd.
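
One way to audit a configuration for this mitigation, as an added example (not code from Samba, Red Hat or this page). It reads smb.conf text offline and classifies whether SMB1 is still accepted. The function names and sample configurations are constructed; it assumes `min protocol` is accepted as a synonym of `server min protocol` and that the dialect names below SMB2 are the ones listed.

```python
import re

# Dialects older than SMB2; accepting any of them means SMB1 is reachable.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# Parameter names compared with whitespace removed and case folded.
PARAM_NAMES = {"serverminprotocol", "minprotocol"}

def global_min_protocol(conf_text):
    """Return the last minimum-protocol value set in [global], or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, val = line.split("=", 1)
            if re.sub(r"\s+", "", name).lower() in PARAM_NAMES:
                value = val.strip()            # a later setting overrides an earlier one
    return value

def smb1_status(conf_text, samba_version):
    """Classify a server as 'smb1-disabled', 'smb1-enabled' or 'unknown'."""
    value = global_min_protocol(conf_text)
    if value is None:
        # No explicit setting: SMB1 is disabled by default only since 4.11.0.
        return "smb1-disabled" if samba_version >= (4, 11, 0) else "smb1-enabled"
    level = value.upper()
    if level in SMB1_DIALECTS:
        return "smb1-enabled"
    if level.startswith(("SMB2", "SMB3")):
        return "smb1-disabled"
    return "unknown"                           # unrecognised value: review by hand

# Constructed sample configurations (not taken from any real host).
LEGACY_UNSET = "[global]\n   workgroup = EXAMPLE\n[share]\n   path = /srv/share\n"
MITIGATED = "[global]\n   workgroup = EXAMPLE\n   server min protocol = SMB2_02\n"
REENABLED = "[global]\n   ; legacy device support\n   Min Protocol = NT1\n"
WRONG_SECTION = "[share]\n   server min protocol = SMB2_02\n"

if __name__ == "__main__":
    for name, conf, ver in [("legacy-unset", LEGACY_UNSET, (4, 10, 16)),
                            ("mitigated", MITIGATED, (4, 10, 16)),
                            ("re-enabled", REENABLED, (4, 15, 0))]:
        print(name, smb1_status(conf, ver))
```

The parser does not follow `include` directives; on a live host, `testparm -s` prints the effective configuration to check against.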

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | samba | Out of support scope | | |
| Red Hat Enterprise Linux 6 | samba4 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | samba | Out of support scope | | |
| Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2022:7111 | 25.10.2022 |
| Red Hat Enterprise Linux 9 | samba | Fixed | RHSA-2022:8317 | 15.11.2022 |
| Red Hat Gluster Storage 3.5 for RHEL 8 | samba | Fixed | RHSA-2022:7056 | 19.10.2022 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | samba | Fixed | RHSA-2022:7111 | 25.10.2022 |


Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2108196 samba: server memory information leak via SMB1

EPSS

Percentile: 39%
0.00172
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
almost 3 years ago

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

CVSS3: 4.3
nvd
almost 3 years ago

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

CVSS3: 4.3
msrc
10 months ago

No description available

CVSS3: 4.3
debian
almost 3 years ago

A flaw was found in Samba. Some SMB1 write requests were not correctly ...

suse-cvrf
about 3 years ago

Security update for samba
