SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f9140ad4-4920-11ed-a07e-080027f5fec9 advisory.
- A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
- A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)
- A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)
- A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)
- A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpdate the affected packages.
File Name: freebsd_pkg_f9140ad4492011eda07e080027f5fec9.nasl
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CPE: p-cpe:/a:freebsd:freebsd:samba412, p-cpe:/a:freebsd:freebsd:samba413, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 10/11/2022
Vulnerability Publication Date: 7/27/2022