Information Exposure Affecting samba package, versions [,4.11.0)
Attack Complexity
Low
snyk-id: SNYK-UNMANAGED-SAMBA-2961662
published: 28 Jul 2022
disclosed: 27 Jul 2022
credit: Luca Moro
Introduced: 27 Jul 2022
CVE-2022-32742
How to fix?
Upgrade samba to version 4.11.0 or higher.
Overview
Affected versions of this package are vulnerable to Information Exposure. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, so the server copied from its buffer beyond the client-supplied bytes and wrote server memory contents into the file (or printer) instead of client data. A client with write access to a share (or printer) can therefore read back uncontrolled fragments of server memory from a file it wrote; it cannot choose which area of server memory is written.
Note:
Samba versions 4.11.0 and above disable SMB1 by default and are only vulnerable if the administrator has deliberately enabled SMB1 in the smb.conf file (for example by lowering `server min protocol` to NT1 or below). Upgrading therefore removes the exposure only while SMB1 stays disabled: check the effective setting with `testparm -s`, which prints any non-default `server min protocol` value, and on affected releases treat disabling SMB1 as the mitigation rather than relying on the version bump alone.
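The range-check failure described in the overview, as an added illustration that is not Samba's code and does not use the real SMB1 wire format: a hypothetical two-byte write header (opcode, declared data length) followed by the data, a receive buffer pre-filled with stale bytes standing in for server memory, and a vulnerable handler beside a hardened one. The request, handler names and buffer layout are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class: NOT Samba code and NOT the
 * real SMB1 wire format. Header = opcode byte + declared data length byte. */
#define RECV_BUF_SIZE 64
#define HDR_SIZE 2

/* Receive buffer. In a real server the bytes beyond what the current client
 * sent still hold data from earlier requests or other server memory. */
static uint8_t recv_buf[RECV_BUF_SIZE];

/* Simulate stale server memory left over from a previous request ('S'). */
static void seed_stale_memory(void) {
    memset(recv_buf, 'S', sizeof recv_buf);
}

/* Simulate receiving a request: copy `len` bytes from the wire into recv_buf.
 * Returns the number of bytes actually received. */
static size_t receive(const uint8_t *wire, size_t len) {
    if (len > sizeof recv_buf) len = sizeof recv_buf;
    memcpy(recv_buf, wire, len);
    return len;
}

/* Vulnerable handler: bounds the declared length against the file, but never
 * against the bytes the client actually sent, so memcpy reads past client data.
 * Returns bytes written to `file`, or -1 on rejection. */
static int handle_write_vulnerable(size_t received, uint8_t *file, size_t file_cap) {
    if (received < HDR_SIZE) return -1;
    size_t declared = recv_buf[1];
    if (declared > file_cap) return -1;
    memcpy(file, recv_buf + HDR_SIZE, declared); /* may copy stale server bytes */
    return (int)declared;
}

/* Hardened handler: additionally range-checks the declared length against
 * the bytes received before copying, and rejects a short write. */
static int handle_write_fixed(size_t received, uint8_t *file, size_t file_cap) {
    if (received < HDR_SIZE) return -1;
    size_t declared = recv_buf[1];
    if (declared > file_cap) return -1;
    if (declared > received - HDR_SIZE) return -1; /* client sent too little data */
    memcpy(file, recv_buf + HDR_SIZE, declared);
    return (int)declared;
}

/* Count how many of the first `n` bytes of `file` are stale server bytes. */
static size_t count_leaked(const uint8_t *file, size_t n) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (file[i] == 'S') k++;
    return k;
}

typedef int (*handler_fn)(size_t, uint8_t *, size_t);

/* Run one constructed short-write request through a handler. Returns the
 * number of stale server bytes that ended up in the file, or -1 if rejected. */
static long run_short_write(handler_fn h) {
    uint8_t file[RECV_BUF_SIZE] = {0};
    /* Constructed request: opcode 0x0B, declares 16 data bytes, only 4 follow. */
    const uint8_t wire[] = { 0x0B, 16, 'A', 'B', 'C', 'D' };
    seed_stale_memory();
    size_t received = receive(wire, sizeof wire);
    int written = h(received, file, sizeof file);
    if (written < 0) return -1;
    return (long)count_leaked(file, (size_t)written);
}

int main(void) {
    printf("vulnerable handler leaked %ld server bytes into the file\n",
           run_short_write(handle_write_vulnerable));
    printf("fixed handler result: %ld (-1 means request rejected)\n",
           run_short_write(handle_write_fixed));
    return 0;
}
```

The vulnerable handler copies the 16 declared bytes although the client sent only 4, so 12 stale server bytes land in the file; the hardened handler rejects the same request. The client picks the declared length but not what the stale bytes contain, matching the advisory's point that the leaked memory region is not client-controlled.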