CVE-2022-32742
Publication date 27 July 2022
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Mitigation
This issue can be mitigated by disabling SMB1, which is the default configuration in Samba 4.11 and above.
Status
Package | Ubuntu Release | Status |
---|---|---|
samba | 24.10 oracular |
Fixed 2:4.16.4+dfsg-2ubuntu1
|
24.04 LTS noble |
Fixed 2:4.16.4+dfsg-2ubuntu1
|
|
22.04 LTS jammy |
Fixed 2:4.15.9+dfsg-0ubuntu0.2
|
|
20.04 LTS focal |
Fixed 2:4.13.17~dfsg-0ubuntu1.20.04.1
|
|
18.04 LTS bionic |
Vulnerable
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 · Medium |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-5542-1
- Samba vulnerabilities
- 1 August 2022