Multiple Vulnerabilities in Samba

Published on 28 Jul 2022

Updated on 28 Jul 2022

Samba has released security updates to address several vulnerabilities in their product.

The vulnerabilities are:

  • CVE-2022-2031: Samba Active Directory (AD) users can bypass certain restrictions associated with changing passwords.
  • CVE-2022-32744: Samba AD users can forge password change requests for any user.
  • CVE-2022-32745: Samba AD users can crash the server process with a Lightweight Directory Access Protocol (LDAP) add or modify request.
  • CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.

Administrators of the affected product are advised to upgrade to the latest versions immediately.

More information is available here:

https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
https://www.samba.org/samba/history/samba-4.16.4.html