Bug 2108196 (CVE-2022-32742) - CVE-2022-32742 samba: server memory information leak via SMB1
Summary: CVE-2022-32742 samba: server memory information leak via SMB1
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-32742
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2108331 2108332 2111729 2111741 2125552
Blocks: 2095313
Reported: 2022-07-18 15:01 UTC by Mauro Matteo Cascella
Modified: 2022-12-07 02:33 UTC

Fixed In Version: samba 4.16.4, samba 4.15.9, samba 4.14.14
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Clone Of:
Environment:
Last Closed: 2022-12-07 02:33:10 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7056 0 None None None 2022-10-19 13:55:59 UTC
Red Hat Product Errata RHSA-2022:7111 0 None None None 2022-10-25 08:46:16 UTC
Red Hat Product Errata RHSA-2022:8317 0 None None None 2022-11-15 10:56:07 UTC

Description Mauro Matteo Cascella 2022-07-18 15:01:38 UTC
As per samba upstream advisory:

All versions of Samba with SMB1 enabled are vulnerable to a server memory information leak bug over SMB1 if a client can write data to a share. Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer).

Please note that only versions of Samba prior to 4.11.0 are vulnerable to this bug by default. Samba versions 4.11.0 and above disable SMB1 by default, and will only be vulnerable if the administrator has deliberately enabled SMB1 in the smb.conf file.
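
An added example, not part of the original report or of Samba's code: a small audit helper that reports whether a given smb.conf leaves SMB1 negotiable, the precondition described above. It relies on the real `server min protocol` parameter (synonym `min protocol`) and on the 4.11.0 default change stated in the advisory; the sample configuration is constructed, the function names are hypothetical, and `include` lines and backslash continuations are not followed.

```python
import re

# smb.conf dialect names below SMB2; any of these as the minimum keeps SMB1 negotiable.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# Samba ignores case and whitespace in parameter names; "min protocol" is a synonym.
MIN_PROTOCOL_KEYS = {"serverminprotocol", "minprotocol"}

# Constructed sample: SMB1 deliberately re-enabled on a post-4.11 server.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; server min protocol = SMB2_02
   Server Min Protocol = NT1
[share]
   path = /srv/share
"""


def global_min_protocol(conf_text):
    """Return the last 'server min protocol' value set in [global], or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue                          # the parameter is global-only
        name, val = line.split("=", 1)
        if re.sub(r"\s+", "", name).lower() in MIN_PROTOCOL_KEYS:
            value = val.strip().upper()       # a later assignment overrides an earlier one
    return value


def smb1_enabled(conf_text, samba_version):
    """True if SMB1 can be negotiated, the precondition for CVE-2022-32742."""
    explicit = global_min_protocol(conf_text)
    if explicit is not None:
        return explicit in SMB1_DIALECTS
    # No explicit setting: per the advisory, SMB1 is on by default only before 4.11.0.
    major, minor = (int(part) for part in samba_version.split(".")[:2])
    return (major, minor) < (4, 11)


if __name__ == "__main__":
    print("SMB1 negotiable:", smb1_enabled(SAMPLE_CONF, "4.15.5"))
```

A host that reports SMB1 as negotiable still needs the fixed package from the errata listed on this page, or SMB1 turned off, to remove the exposure.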

Comment 2 Sandipan Roy 2022-07-28 04:07:48 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2111729]

Comment 4 errata-xmlrpc 2022-10-19 13:55:55 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.5 for RHEL 8

Via RHSA-2022:7056 https://access.redhat.com/errata/RHSA-2022:7056

Comment 5 errata-xmlrpc 2022-10-25 08:46:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7111 https://access.redhat.com/errata/RHSA-2022:7111

Comment 6 errata-xmlrpc 2022-11-15 10:56:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8317 https://access.redhat.com/errata/RHSA-2022:8317

Comment 7 Product Security DevOps Team 2022-12-07 02:33:07 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-32742

