FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1c5f3fd7-54bf-11ed-8d1e-005056a311d1	samba -- buffer overflow in Heimdal unwrap_des3() The Samba Team reports: The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. Discovery 2022-08-02 Entry 2022-10-25 samba412 < 4.12.16 samba413 < 4.13.17_4 samba416 < 4.16.6 CVE-2022-3437 https://www.samba.org/samba/security/CVE-2022-3437.html
f9140ad4-4920-11ed-a07e-080027f5fec9	samba -- Multiple vulnerabilities The Samba Team reports: CVE-2022-2031 The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32744 The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover. CVE-2022-32745 Samba AD users can cause the server to access uninitialised data with an LDAP add or modify request, usually resulting in a segmentation fault. CVE-2022-32746 The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl. CVE-2022-32742 SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer. Discovery 2022-07-27 Entry 2022-10-11 samba412 < 4.12.16 samba413 < 4.13.17_2 CVE-2022-2031 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-32742 https://lists.samba.org/archive/samba-announce/2022/000609.html https://www.samba.org/samba/security/CVE-2022-2031.html https://www.samba.org/samba/security/CVE-2022-32744.html https://www.samba.org/samba/security/CVE-2022-32745.html https://www.samba.org/samba/security/CVE-2022-32746.html https://www.samba.org/samba/security/CVE-2022-32742.html

VuXML ID

Description

1c5f3fd7-54bf-11ed-8d1e-005056a311d1

samba -- buffer overflow in Heimdal unwrap_des3()

The Samba Team reports:

The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.

Discovery 2022-08-02
Entry 2022-10-25
samba412

< 4.12.16

samba413

< 4.13.17_4

samba416

< 4.16.6

CVE-2022-3437
https://www.samba.org/samba/security/CVE-2022-3437.html

f9140ad4-4920-11ed-a07e-080027f5fec9

samba -- Multiple vulnerabilities

The Samba Team reports:

CVE-2022-2031

The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services.

CVE-2022-32744

The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover.

CVE-2022-32745

Samba AD users can cause the server to access uninitialised data with an LDAP add or modify request, usually resulting in a segmentation fault.

CVE-2022-32746

The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl.

CVE-2022-32742

SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer.

Discovery 2022-07-27
Entry 2022-10-11
samba412

< 4.12.16

samba413

< 4.13.17_2

CVE-2022-2031
CVE-2022-32744
CVE-2022-32745
CVE-2022-32746
CVE-2022-32742
https://lists.samba.org/archive/samba-announce/2022/000609.html
https://www.samba.org/samba/security/CVE-2022-2031.html
https://www.samba.org/samba/security/CVE-2022-32744.html
https://www.samba.org/samba/security/CVE-2022-32745.html
https://www.samba.org/samba/security/CVE-2022-32746.html
https://www.samba.org/samba/security/CVE-2022-32742.html