Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-32746

Опубликовано: 27 июл. 2022
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

Отчет

Although versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped in RHEL with the libldb package.

Меры по смягчению последствий

Disabling the AD DC database audit logging prevents the use-after-free from occurring, as that is the only component that will access the original message.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libldbOut of support scope
Red Hat Enterprise Linux 6sambaNot affected
Red Hat Enterprise Linux 6samba4Not affected
Red Hat Enterprise Linux 7libldbOut of support scope
Red Hat Enterprise Linux 7sambaNot affected
Red Hat Enterprise Linux 8sambaNot affected
Red Hat Enterprise Linux 9sambaNot affected
Red Hat Storage 3libldbAffected
Red Hat Storage 3sambaNot affected
Red Hat Enterprise Linux 8libldbFixedRHSA-2022:773008.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2108215samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request

EPSS

Процентиль: 47%
0.00241
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-32746

CVSS3: 5.4
ubuntu
больше 3 лет назад

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

nvd логотип

CVE-2022-32746

CVSS3: 5.4
nvd
больше 3 лет назад

A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.

msrc логотип

CVE-2022-32746

CVSS3: 5.4
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2022-32746

CVSS3: 5.4
debian
больше 3 лет назад

A flaw was found in the Samba AD LDAP server. The AD DC database audit ...

rocky логотип

RLSA-2022:8318

rocky
около 3 лет назад

Moderate: libldb security, bug fix, and enhancement update

EPSS

Процентиль: 47%
0.00241
Низкий

5.4 Medium

CVSS3