CVE-2022-32743
First published: Thu Sep 01 2022(Updated: )
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba Samba | >=4.1.0 | |
| Fedoraproject Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.samba.org/show_bug.cgi?id=14833
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/
- https://security.gentoo.org/glsa/202309-06
Frequently Asked Questions
What is the vulnerability ID for this Samba vulnerability?
The vulnerability ID for this Samba vulnerability is CVE-2022-32743.
What is the severity of CVE-2022-32743?
The severity of CVE-2022-32743 is high with a CVSS score of 7.5.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Samba version 4.1.0 and later, and Fedora version 37.
What is the description of CVE-2022-32743?
CVE-2022-32743 is a vulnerability in Samba that allows unprivileged users to write the dNSHostName attribute without proper validation of the Validated-DNS-Host-Name right.
How can I fix CVE-2022-32743?
To fix CVE-2022-32743, update Samba to a version that includes the necessary patches or apply the recommended security updates provided by the vendor.
- collector/nvd-api
- collector/nvd-index
- vendor/samba
- canonical/samba samba
- version/samba samba/4.1.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37