Vulnerability CVE-2022-2031: Information
Description
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.15.9-alt1 | 4.20.1-alt2 | ALT-PU-2022-2322-1 | 304593 | Fixed |
samba | sisyphus_e2k | 4.15.9-alt1 | 4.20.1-alt1 | ALT-PU-2022-5705-1 | - | Fixed |
samba | sisyphus_riscv64 | 4.15.9-alt1 | 4.20.1-alt2 | ALT-PU-2022-5651-1 | - | Fixed |
samba | p10 | 4.15.9-alt1 | 4.19.6-alt2 | ALT-PU-2022-2438-1 | 302667 | Fixed |
samba | p10_e2k | 4.15.9-alt1 | 4.19.6-alt2 | ALT-PU-2022-5796-1 | - | Fixed |
samba | c10f1 | 4.15.9-alt1 | 4.16.11-alt2 | ALT-PU-2022-2438-1 | 302667 | Fixed |
samba | c9f2 | 4.14.14-alt0.c9.1 | 4.14.14-alt0.c9.1 | ALT-PU-2023-1616-1 | 316738 | Fixed |
samba | p11 | 4.15.9-alt1 | 4.20.1-alt1 | ALT-PU-2022-2322-1 | 304593 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.samba.org/samba/security/CVE-2022-2031.html |
|
GLSA-202309-06 |