Alpine: samba: security update to 4.15.12-r0

high Tenable Cloud Security Plugin ID 407080

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility
with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to
4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via
specially crafted extended file attributes. A remote attacker with write access to extended file
attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

- The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that
SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an
account modification re-adds an SPN that was previously present on that account, such as one added when a
computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to
perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an
attacker who can intercept traffic can impersonate existing services, resulting in a loss of
confidentiality and integrity. (CVE-2022-0336)

- A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a
single account and set of keys, allowing them to decrypt each other's tickets. A user who has been
requested to change their password, can exploit this flaw to obtain and use tickets to other services.
(CVE-2022-2031)

- A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and
unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI
library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a
maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-44142

https://security.alpinelinux.org/vuln/CVE-2022-0336

https://security.alpinelinux.org/vuln/CVE-2022-2031

https://security.alpinelinux.org/vuln/CVE-2022-32742

https://security.alpinelinux.org/vuln/CVE-2022-32744

https://security.alpinelinux.org/vuln/CVE-2022-32745

https://security.alpinelinux.org/vuln/CVE-2022-32746

https://security.alpinelinux.org/vuln/CVE-2022-3437

https://security.alpinelinux.org/vuln/CVE-2022-3592

https://security.alpinelinux.org/vuln/CVE-2022-42898

Plugin Details

Severity: High

ID: 407080

Version: Revision 1.28

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7.7

Percentile: 99.19

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-44142

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-42898

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/31/2022

Exploitable With

Core Impact

Reference Information

CVE: CVE-2021-44142, CVE-2022-0336, CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-3437, CVE-2022-3592, CVE-2022-42898

IAVA: 2022-A-0054, 2022-A-0299, 2022-A-0447-S, 2022-A-0495-S