Bug 1201493 - (CVE-2022-32744) VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user
(CVE-2022-32744)
VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change request...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Novell Samba Team
Security Team bot
https://smash.suse.de/issue/337265/
CVSSv3.1:SUSE:CVE-2022-32744:8.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-07-14 07:15 UTC by Robert Frohl
Modified: 2022-08-03 22:18 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 5 Thomas Leroy 2022-07-26 07:29:06 UTC
Thanks for the submissions! However we also need submission for
SUSE:SLE-11-SP3:Update
SUSE:SLE-12-SP1:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-12-SP3:Update
SUSE:SLE-15:Update 	
SUSE:SLE-15-SP1:Update 
SUSE:SLE-15-SP2:Update	
SUSE:SLE-15-SP2:Update:Products:SES7:Update
Comment 6 James McDonough 2022-07-26 13:45:16 UTC
(In reply to Thomas Leroy from comment #5)
> Thanks for the submissions! However we also need submission for
> SUSE:SLE-11-SP3:Update
> SUSE:SLE-12-SP1:Update
> SUSE:SLE-12-SP2:Update
> SUSE:SLE-12-SP3:Update
> SUSE:SLE-15:Update 	
These did not have the AD domain controller shipped

> SUSE:SLE-15-SP1:Update 
> SUSE:SLE-15-SP2:Update	
These two had AD domain controller but only as a tech preview, and it would be risky to backport a massive changeset to LTSS-only releases for a tech preview.


> SUSE:SLE-15-SP2:Update:Products:SES7:Update
This did not have the AD domain controller shipped
Comment 7 Thomas Leroy 2022-07-28 07:20:45 UTC
public: https://www.samba.org/samba/security/CVE-2022-32744.html
Comment 8 Swamp Workflow Management 2022-07-29 13:17:08 UTC
SUSE-SU-2022:2586-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496
CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Micro 5.2 (src):    ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Micro 5.1 (src):    ldb-2.4.3-150300.3.20.1
SUSE Linux Enterprise High Availability 15-SP3 (src):    samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Enterprise Storage 7.1 (src):    ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2022-07-29 13:20:11 UTC
SUSE-SU-2022:2582-1: An update that solves 5 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496
CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    samba-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise Server 12-SP5 (src):    samba-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    samba-4.15.8+git.462.e73f4310487-3.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-08-03 22:18:17 UTC
SUSE-SU-2022:2659-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496
CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    ldb-2.4.3-150400.4.8.1, samba-4.15.8+git.500.d5910280cc7-150400.3.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    ldb-2.4.3-150400.4.8.1, samba-4.15.8+git.500.d5910280cc7-150400.3.11.1
SUSE Linux Enterprise High Availability 15-SP4 (src):    samba-4.15.8+git.500.d5910280cc7-150400.3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.