Vulnerability CVE-2022-2031: Information

Description

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-2031
Published: Aug. 25, 2022
Modified: Sept. 17, 2023
Error type identifier: CWE-287

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.15.9-alt14.20.1-alt2ALT-PU-2022-2322-1304593Fixed
sambasisyphus_e2k4.15.9-alt14.20.1-alt1ALT-PU-2022-5705-1-Fixed
sambasisyphus_riscv644.15.9-alt14.20.1-alt2ALT-PU-2022-5651-1-Fixed
sambap104.15.9-alt14.19.6-alt2ALT-PU-2022-2438-1302667Fixed
sambap10_e2k4.15.9-alt14.19.6-alt2ALT-PU-2022-5796-1-Fixed
sambac10f14.15.9-alt14.16.11-alt2ALT-PU-2022-2438-1302667Fixed
sambac9f24.14.14-alt0.c9.14.14.14-alt0.c9.1ALT-PU-2023-1616-1316738Fixed
sambap114.15.9-alt14.20.1-alt1ALT-PU-2022-2322-1304593Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.samba.org/samba/security/CVE-2022-2031.html
  • Vendor Advisory
GLSA-202309-06

      1. Configuration 1

        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.16.0
        End excliding
        4.16.4
        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.15.0
        End excliding
        4.15.9
        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        End excliding
        4.14.14
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top