Corrective releases of the Samba package, 4.17.2, 4.16.6 and 4.15.11, have been published, fixing two vulnerabilities. The release of package updates in distributions can be tracked on the pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.
- CVE-2022-3437 - a buffer overflow in the unwrap_des() and unwrap_des3() functions provided in the GSSAPI library from the Heimdal package (shipped as part of Samba since version 4.0). The vulnerability can be exploited by sending a specially crafted packet to systems that use GSSAPI. For example, the problem manifests itself in the implementation of the client and the file server based on the SMB1 protocol, when DCE/RPC is used, and in the Active Directory domain controller. Systems built with MIT Kerberos (--with-system-mitkrb5) instead of Heimdal are not affected.
- CVE-2022-3592 - the ability to escape the boundary of the exported directory and access any file on the server by manipulating symbolic links.
The problem manifests itself only in the Samba 4.17 branch and is caused by an error in the new code for processing symbolic links in user space (the code did not check whether the link's target directory falls outside the exported directory). The vulnerability can be exploited by a client that has access to an exported share provided via the SMB1 or NFS protocols, which allow symbolic links to be created.
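
A simplified illustration of the kind of containment check the text says was missing, added here as an example and not taken from Samba's code. The function names and the rule of refusing absolute targets are assumptions, and the check is purely lexical: it does not follow symbolic links nested inside the target path.

```c
#include <stdio.h>
#include <string.h>

/* Walk a '/'-separated path, tracking depth below the share root.
 * Returns the new depth, or -1 as soon as ".." climbs above the root. */
static int walk_depth(const char *path, int depth)
{
    const char *p = path;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");           /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return -1;                       /* left the exported directory */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                             /* ordinary name: one level down */
        }
        p += len;
        if (*p == '/')
            p++;                                 /* skip the separator */
    }
    return depth;
}

/* link_dir: share-relative directory holding the symlink ("" = share root).
 * target:   the symlink's contents as stored by the client.
 * Returns 1 if the target stays inside the share, 0 if it must be refused. */
int symlink_target_in_share(const char *link_dir, const char *target)
{
    int depth;
    if (link_dir == NULL || target == NULL || target[0] == '\0')
        return 0;
    if (target[0] == '/')
        return 0;            /* assumption: absolute targets are refused outright */
    depth = walk_depth(link_dir, 0);
    if (depth < 0)
        return 0;
    return walk_depth(target, depth) >= 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real share. */
    printf("%d\n", symlink_target_in_share("docs", "../shared/file.txt"));
    printf("%d\n", symlink_target_in_share("docs", "../../etc/passwd"));
    return 0;
}
```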