Test ID:	1.3.6.1.4.1.25623.1.1.10.2023.0010
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2023-0010)
Summary:	The remote host is missing an update for the 'ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2023-0010 advisory.
Description:	Summary: The remote host is missing an update for the 'ldb, samba, sssd, talloc, tdb, tevent' package(s) announced via the MGASA-2023-0010 advisory. Vulnerability Insight: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). Some SMB1 write requests were not correctly range checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client supplied data. The client cannot control the area of the server memory that is written to the file (or printer) (CVE-2022-3437) A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. (CVE-2022-3592) Active directory elevation of privilege vulnerability (CVE-2022-37966) Active directory elevation of privilege vulnerability (CVE-2022-37967) A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the same MD5 calculation and replace it without being detected. (CVE-2022-38023) Active directory integer overflow (CVE-2022-42898) Active directory can be forced to issue weak rc4-hmac encrypted tickets (CVE-2022-45141) Affected Software/OS: 'ldb, samba, sssd, talloc, tdb, tevent' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3437 https://security.gentoo.org/glsa/202309-06 https://security.gentoo.org/glsa/202310-06 https://access.redhat.com/security/cve/CVE-2022-3437 https://bugzilla.redhat.com/show_bug.cgi?id=2137774 https://www.samba.org/samba/security/CVE-2022-3437.html https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html http://www.openwall.com/lists/oss-security/2023/02/08/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-3592 https://access.redhat.com/security/cve/CVE-2022-3592 https://bugzilla.redhat.com/show_bug.cgi?id=2137776 https://www.samba.org/samba/security/CVE-2022-3592.html Common Vulnerability Exposure (CVE) ID: CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 Common Vulnerability Exposure (CVE) ID: CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 Common Vulnerability Exposure (CVE) ID: CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 Common Vulnerability Exposure (CVE) ID: CVE-2022-42898 https://bugzilla.samba.org/show_bug.cgi?id=15203 https://web.mit.edu/kerberos/advisories/ Common Vulnerability Exposure (CVE) ID: CVE-2022-45141 https://www.samba.org/samba/security/CVE-2022-45141.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.