Samba Releases Security Update

Buffer overflow vulnerability impacts MIT and Heimdal Kerberos libraries of Samba

Summary

Buffer overflow vulnerability impacts MIT and Heimdal Kerberos libraries of Samba


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

A security update has been published for Samba, the open-source Server Message Block (SMB) application for Linux and Unix systems. This security update addresses a buffer overflow vulnerability within the MIT and Heimdal Kerberos libraries, which impacts 32-bit systems.

This vulnerability has been assigned CVE-2022-42898 and may allow an attacker to overflow a buffer with chunks of sixteen bytes of data, which could be used to manipulate system data, cause a denial-of-service condition or allow privilege escalation. An attacker could exploit some of these vulnerabilities to take control of an affected system. This vulnerability is not known to impact Samba on 64-bit systems.


Remediation advice

Affected organisations are encouraged to review Samba's security advisory CVE-2022-42898 and to apply the relevant updates where applicable.



Last edited: 17 November 2022 4:39 pm