CVE-2022-32744

一、漏洞信息
 漏洞编号：[CVE-2022-32744](https://nvd.nist.gov/vuln/detail/CVE-2022-32744)
 漏洞归属组件：[samba](https://gitee.com/src-openeuler/samba)
 漏洞归属的版本：4.11.12,4.12.5,4.15.3,4.16.4
 CVSS V2.0分值：
  BaseScore：8.8 High
  Vector：CVSS：2.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 漏洞简述：
  A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users  passwords, enabling full domain takeover.
 漏洞公开时间：2022-08-26 02:15:00
 漏洞创建时间：2022-07-28 03:25:53
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-32744
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| nvd | https://www.samba.org/samba/security/CVE-2022-32744.html |  |
| redhat | https://access.redhat.com/security/cve/CVE-2022-32744 |  |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2022-32744 | https://bugzilla.redhat.com/show_bug.cgi?id=2108205 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://www.samba.org/samba/security/CVE-2022-32744.html | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://ubuntu.com/security/notices/USN-5542-1 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-32744 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-32744 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-32744 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://bugzilla.samba.org/show_bug.cgi?id=15074 | https://ubuntu.com/security/CVE-2022-32744 |
| ubuntu | https://bugzilla.samba.org/show_bug.cgi?id=15109 (tracking bug) | https://ubuntu.com/security/CVE-2022-32744 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2022-32744 |
| samba |  | https://www.samba.org//samba/security/CVE-2022-2031.html |
| samba |  | https://www.samba.org//samba/security/CVE-2022-32742.html |
| samba |  | https://www.samba.org//samba/security/CVE-2022-32744.html |
| samba |  | https://www.samba.org//samba/security/CVE-2022-32745.html |
| samba |  | https://www.samba.org//samba/security/CVE-2022-32746.html |
| cve_search |  | https://www.samba.org/samba/security/CVE-2022-32744.html |
| mageia |  | http://advisories.mageia.org/MGASA-2022-0299.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2257.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2264.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2284.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2285.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2286.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2287.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2288.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2289.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2304.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2343.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2344.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2345.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2816.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2817.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-2819.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| amazon_linux | https://alas.aws.amazon.com/cve/html/CVE-2022-3037.html | https://alas.aws.amazon.com/ALAS-2022-1639.html |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2022-32744 |  |
| redhat_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2108205 |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744 |  |
| ubuntu | https://www.samba.org/samba/security/CVE-2022-32744.html |  |
| ubuntu | https://ubuntu.com/security/notices/USN-5542-1 |  |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-32744 |  |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-32744 |  |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-32744 |  |
| ubuntu | https://bugzilla.samba.org/show_bug.cgi?id=15074 |  |
| ubuntu | https://bugzilla.samba.org/show_bug.cgi?id=15109 (tracking bug) |  |
| debian | https://security-tracker.debian.org/tracker/CVE-2022-32744 |  |
| samba | https://www.samba.org//samba/security/CVE-2022-2031.html |  |
| samba | https://www.samba.org//samba/security/CVE-2022-32742.html |  |
| samba | https://www.samba.org//samba/security/CVE-2022-32744.html |  |
| samba | https://www.samba.org//samba/security/CVE-2022-32745.html |  |
| samba | https://www.samba.org//samba/security/CVE-2022-32746.html |  |
| nvd | https://www.samba.org/samba/security/CVE-2022-32744.html |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| samba | 4.16.4 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.16.4-security-2022-07-27.patch |  | samba |
| samba | 4.15.9 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.15.9-security-2022-07-27.patch |  | samba |
| samba | 4.14.14 | https://download.samba.orghttps://download.samba.org/pub/samba/ftp/patches/security/samba-4.14.14-security-2022-07-27.patch |  | samba |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
                KDC接受使用它已知的任何密钥加密的kpasswd请求。通过使用自己的密钥加密伪造kpasswd请求，用户可以更改其他用户的密码，从而实现完全的域接管。       
 openEuler评分：
  8.8
 Vector：CVSS：2.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(4.11.12):受影响
2.openEuler-20.03-LTS-SP3(4.11.12):受影响
3.openEuler-22.03-LTS(4.15.3):受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(4.11.12):否
2.openEuler-20.03-LTS-SP3(4.11.12):否
3.openEuler-22.03-LTS(4.15.3):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-1817

src-openEuler/samba

内容风险标识

评论 (11)

src-openEuler/samba .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-32744

评论 (11)

搜索帮助

src-openEuler/samba