Bug 2222791 (CVE-2022-2127) - CVE-2022-2127 samba: out-of-bounds read in winbind AUTH_CRAP
Summary: CVE-2022-2127 samba: out-of-bounds read in winbind AUTH_CRAP
Keywords:
Status: NEW
Alias: CVE-2022-2127
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2222896 2222894 2222895 2224254
Blocks: 2135524 2216374
TreeView+ depends on / blocked
 
Reported: 2023-07-13 18:08 UTC by TEJ RATHI
Modified: 2024-01-30 13:24 UTC (History)
9 users (show)

Fixed In Version: samba 4.16.11, samba 4.17.10, samba 4.18.5
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6667 0 None None None 2023-11-07 08:22:24 UTC
Red Hat Product Errata RHSA-2023:7139 0 None None None 2023-11-14 15:22:02 UTC
Red Hat Product Errata RHSA-2024:0423 0 None None None 2024-01-24 16:48:17 UTC
Red Hat Product Errata RHSA-2024:0580 0 None None None 2024-01-30 13:24:26 UTC

Description TEJ RATHI 2023-07-13 18:08:00 UTC 
When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
Comment 2 TEJ RATHI 2023-07-20 09:24:17 UTC 
This CVE is public now - https://www.samba.org/samba/security/CVE-2022-2127.html
Comment 3 TEJ RATHI 2023-07-20 09:33:13 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2224254]
Comment 4 errata-xmlrpc 2023-11-07 08:22:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:6667
Comment 5 errata-xmlrpc 2023-11-14 15:22:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2023:7139
Comment 7 errata-xmlrpc 2024-01-24 16:48:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0423
Comment 8 errata-xmlrpc 2024-01-30 13:24:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0580 https://access.redhat.com/errata/RHSA-2024:0580
Note You need to log in before you can comment on or make changes to this bug.