CVE-2022-32746
Published: 27 July 2022
Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.
Notes
| Author | Note |
|---|---|
| mdeslaur | combined patches are in bug 15096 Fixing this in Ubuntu 18.04 LTS would require substantial code backports. We will not be fixing this issue in Ubuntu 18.04 LTS. In environments where this is of concern, we recommend updating to a more recent Ubuntu version, or disabling AD DC database audit logging if this is not passible. |
Mitigation
Disabling AD DC database audit logging prevents the use-after-free from occurring, as that is the only component that will access the original message.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
ldb Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
| focal |
Released
(2:2.2.3-0ubuntu0.20.04.3)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Released
(2:2.4.4-0ubuntu0.1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
samba Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
| focal |
Released
(2:4.13.17~dfsg-0ubuntu1.20.04.1)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Released
(2:4.15.9+dfsg-0ubuntu0.2)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|