2166672 – (CVE-2022-45142) CVE-2022-45142 samba: CVE-2022-3437 fix introduced a logic inversion

Bug 2166672 (CVE-2022-45142) - CVE-2022-45142 samba: CVE-2022-3437 fix introduced a logic inversion

Summary: CVE-2022-45142 samba: CVE-2022-3437 fix introduced a logic inversion

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-45142
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2165982
TreeView+	depends on / blocked

Reported:	2023-02-02 15:39 UTC by Marian Rehak
Modified:	2023-03-03 20:14 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-02-09 12:58:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2023-02-02 15:39:44 UTC

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to
the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.

Comment 3 Pedro Sampaio 2023-03-03 20:14:05 UTC

References:

https://www.openwall.com/lists/oss-security/2023/02/08/1

Note You need to log in before you can comment on or make changes to this bug.