Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Samba
Alerts

Multiple Vulnerabilities in Samba

28 July 2022

Samba has released security updates to address several vulnerabilities in their product.

The vulnerabilities are:

  • CVE-2022-2031: Samba Active Directory (AD) users can bypass certain restrictions associated with changing passwords.

  • CVE-2022-32744: Samba AD users can forge password change requests for any user.

  • CVE-2022-32745: Samba AD users can crash the server process with an Lightweight Directory Access Protocol (LDAP) add or modify request.

  • CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.

Administrators of the affected product are advised to upgrade to the latest versions immediately.

More information is available here:

https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
https://www.samba.org/samba/history/samba-4.16.4.html

Back to top