Bug 2222791 (CVE-2022-2127) - CVE-2022-2127 samba: out-of-bounds read in winbind AUTH_CRAP
Summary: CVE-2022-2127 samba: out-of-bounds read in winbind AUTH_CRAP
Keywords:
Status: NEW
Alias: CVE-2022-2127
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2222894 2222895 2222896 2224254
Blocks: 2135524 2216374
TreeView+ depends on / blocked
 
Reported: 2023-07-13 18:08 UTC by TEJ RATHI
Modified: 2023-08-09 07:06 UTC (History)
9 users (show)

Fixed In Version: samba 4.16.11, samba 4.17.10, samba 4.18.5
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2023-07-13 18:08:00 UTC 
When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
Comment 2 TEJ RATHI 2023-07-20 09:24:17 UTC 
This CVE is public now - https://www.samba.org/samba/security/CVE-2022-2127.html
Comment 3 TEJ RATHI 2023-07-20 09:33:13 UTC 
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2224254]
Note You need to log in before you can comment on or make changes to this bug.