FreeBSD : samba -- buffer overflow in Heimdal unwrap_des3() (1c5f3fd7-54bf-11ed-8d1e-005056a311d1)

medium Nessus Plugin ID 166525

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 1c5f3fd7-54bf-11ed-8d1e-005056a311d1 advisory.

- The DES (for Samba 4.11 and earlier) and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. Examples of where Samba can use GSSAPI include the client and fileserver for SMB1 (unix extensions), DCE/RPC in all use cases and LDAP in the Active Directory Domain Controller.
However, not all Samba installations are impacted! Samba is often compiled to use the system MIT Kerberos using the --with-system-mitkrb5 argument, and these installations are not impacted, as the vulnerable code is not compiled into Samba. However, when Samba is compiled to use the internal Heimdal Kerberos library, as is the default, the vulnerable unwrap_des3() is used. (The single-DES use case, along with the equally vulnerable unwrap_des(), is only compiled into Samba 4.11 and earlier.) The primary use of Samba's internal Heimdal is for the Samba AD DC, but this vulnerability does impact fileserver deployments built with the default build options. (CVE-2022-3437)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://www.samba.org/samba/security/CVE-2022-3437.html

http://www.nessus.org/u?6ba59a8a

Plugin Details

Severity: Medium

ID: 166525

File Name: freebsd_pkg_1c5f3fd754bf11ed8d1e005056a311d1.nasl

Version: 1.5

Type: local

Published: 10/26/2022

Updated: 1/23/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2022-3437

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:samba412, p-cpe:/a:freebsd:freebsd:samba413, p-cpe:/a:freebsd:freebsd:samba416, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 10/25/2022

Vulnerability Publication Date: 10/25/2022

Reference Information

CVE: CVE-2022-3437

IAVA: 2022-A-0447-S