
Samba has released versions 4.17.3, 4.16.7, and 4.15.12 to fix a security vulnerability (CVE-2022-42898) affecting 32-bit systems.
Based on the released statement by Samba, all versions of Samba prior to 4.15.12, 4.16.7, and 4.17.3 are affected by this security flaw.
______________________________
A. Nature of the Vulnerability
CVE-2022-42898
Samba’s Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
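As an added illustration of the overflow class described above (this is example code, not Samba's or Heimdal's), a simplified PAC buffer-directory size computation in C, shown the unchecked way and the hardened way; it uses 32-bit arithmetic so the wraparound is visible on any host. The PACTYPE layout it assumes (cBuffers, Version, then 16-byte PAC_INFO_BUFFER entries) follows MS-PAC; the function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified PAC directory-size check (added example, not Samba's or Heimdal's code).
 * Assumed layout, per MS-PAC: a PACTYPE header of cBuffers (uint32 LE) and Version
 * (uint32 LE), then cBuffers PAC_INFO_BUFFER entries of 16 bytes each. */
#define PAC_HEADER_LEN      8u
#define PAC_INFO_BUFFER_LEN 16u
typedef uint32_t size32_t;  /* stands in for a 32-bit size_t, even on a 64-bit host */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed PACTYPE header with the given cBuffers and Version = 0. */
static void pac_write_header(uint8_t buf[PAC_HEADER_LEN], uint32_t cbuffers) {
    memset(buf, 0, PAC_HEADER_LEN);
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(cbuffers >> (8 * i));
}

/* Unchecked computation: with 32-bit arithmetic the product wraps, so a forged
 * cBuffers yields a small allocation that the later per-buffer loop overruns. */
size32_t pac_directory_bytes_unchecked(const uint8_t *pac) {
    return PAC_HEADER_LEN + read_le32(pac) * PAC_INFO_BUFFER_LEN;
}

/* Hardened computation: reject a count that cannot fit in size32_t arithmetic and,
 * separately, one whose directory would extend past the bytes actually received. */
bool pac_directory_bytes_checked(const uint8_t *pac, size32_t pac_len, size32_t *out) {
    if (pac_len < PAC_HEADER_LEN) return false;
    uint32_t cbuffers = read_le32(pac);
    if (cbuffers == 0) return false;
    if (cbuffers > (UINT32_MAX - PAC_HEADER_LEN) / PAC_INFO_BUFFER_LEN) return false; /* no wrap */
    *out = PAC_HEADER_LEN + cbuffers * PAC_INFO_BUFFER_LEN;
    return *out <= pac_len;
}
/* Helpers: build a header with the given cBuffers and run each computation on it. */
size32_t pac_unchecked(uint32_t cbuffers) {
    uint8_t hdr[PAC_HEADER_LEN];
    pac_write_header(hdr, cbuffers);
    return pac_directory_bytes_unchecked(hdr);
}
bool pac_accepts(uint32_t cbuffers, size32_t pac_len) {
    uint8_t hdr[PAC_HEADER_LEN];
    size32_t need = 0;
    pac_write_header(hdr, cbuffers);
    return pac_directory_bytes_checked(hdr, pac_len, &need);
}
```

A cBuffers of 0x10000001 makes the unchecked computation report only 24 bytes, while the checked version rejects it outright.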
______________________________
B. Actions to be Taken
- CERT-PH encourages all Samba users/administrators running versions prior to 4.17.3, 4.16.7 and 4.15.12 to review and apply the updates to mitigate future threats.
- For additional information, kindly refer to the official advisory:
- <https://www.samba.org/samba/security/CVE-2022-42898.html>