Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-38023

Published: 9 November 2022

Netlogon RPC Elevation of Privilege Vulnerability

Notes

AuthorNote
mdeslaur 
The focal samba update was temporarily reverted by USN 5822-2
because it introduced regressions. It was later updated again
with USN 5936-1.

Priority

Medium

Cvss 3 Severity Score

8.1

Score breakdown

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian 		bionic Needed

focal
Released (2:4.15.13+dfsg-0ubuntu0.20.04.1)
jammy
Released (2:4.15.13+dfsg-0ubuntu1)
kinetic
Released (2:4.16.8+dfsg-0ubuntu1)
lunar
Released (2:4.17.5+dfsg-2ubuntu1)
trusty Needed

upstream
Released (2:4.17.4+dfsg-1,4.17.4,4.16.8,4.15.13)
xenial Needs triage

Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=1040fa4c23509234af5ca5bf4c190c80183d39b4
upstream: https://git.samba.org/?p=samba.git;a=commit;h=ddafd6dc7706e74e74ce96039ac8006b9b2e05ad
upstream: https://git.samba.org/?p=samba.git;a=commit;h=deffd8ea00fecbbf61c4a26279176fe0ae3fe438
upstream: https://git.samba.org/?p=samba.git;a=commit;h=ae1f4644245237fe76bb162af8e95c42903e4eca
upstream: https://git.samba.org/?p=samba.git;a=commit;h=4dc0b8d0a89b0aea865f8508ca3f0d68f50c6f12
upstream: https://git.samba.org/?p=samba.git;a=commit;h=f1cb8950583c12eaa5cbe907d0b16923f7187541
upstream: https://git.samba.org/?p=samba.git;a=commit;h=18bcf0b6496d4ed9d76d23f82674935bd275dc3b
upstream: https://git.samba.org/?p=samba.git;a=commit;h=de121d6c613c6e83e49f2622391d1705077646a4
upstream: https://git.samba.org/?p=samba.git;a=commit;h=9669a41693b8da410cf57e21f2de7c7e6e4c4235
upstream: https://git.samba.org/?p=samba.git;a=commit;h=b9269801ed6bc034da924cdedd0b6a2938a1379f
upstream: https://git.samba.org/?p=samba.git;a=commit;h=643b4c1b95e40e46af14afa60aa42b0fcf1cf446
upstream: https://git.samba.org/?p=samba.git;a=commit;h=e02e8ad46b02a4c16f575b6371eea8ea66dee067
upstream: https://git.samba.org/?p=samba.git;a=commit;h=0be35930722530e5befa16a65a16232393258057
upstream: https://git.samba.org/?p=samba.git;a=commit;h=90f06ad6d7d00fc51a2d64557cf58739fef851c1
upstream: https://git.samba.org/?p=samba.git;a=commit;h=33a814d745c0c2dd4e49582fbee892471620bfcd
upstream: https://git.samba.org/?p=samba.git;a=commit;h=ade168df393064dd25a6e540e06332dcd1803297
upstream: https://git.samba.org/?p=samba.git;a=commit;h=5154471bca2162c14c91ebd02148be521e333817
upstream: https://git.samba.org/?p=samba.git;a=commit;h=a0c68f4caaa0771dcde074906956335c9e458bdf
upstream: https://git.samba.org/?p=samba.git;a=commit;h=4cb1e57caaf537c760de95a4a4e300ff8c711dfe
upstream: https://git.samba.org/?p=samba.git;a=commit;h=b7f0e7f2ccc9c07b2daa0dc6d66ea117108e9a4f
upstream: https://git.samba.org/?p=samba.git;a=commit;h=ba1482a18a807a5db4d1bd84640a0d5d83fcd9c3
upstream: https://git.samba.org/?p=samba.git;a=commit;h=08b69ca61f747a74c5a6634d25ce35e43e145ecd
upstream: https://git.samba.org/?p=samba.git;a=commit;h=57986cad714cc2f738c7482208204ed4e18b1f19
upstream: https://git.samba.org/?p=samba.git;a=commit;h=2b0dc83e0642f7b1f41b6184fb6e20320cd96b63
upstream: https://git.samba.org/?p=samba.git;a=commit;h=dba546dbfa5dcaa22ed828c2f5b7fa9c8cb6242e
upstream: https://git.samba.org/?p=samba.git;a=commit;h=15792b4035d520ad5a0bf4888fa5d6bedb8937aa
upstream: https://git.samba.org/?p=samba.git;a=commit;h=93e4e50d250a85c9b0308c3f899ab00f47f427df
upstream: https://git.samba.org/?p=samba.git;a=commit;h=28ac3faa51c66b005a90c527393fa7c2d43d4c31
upstream: https://git.samba.org/?p=samba.git;a=commit;h=d10dfa85819750f4665dc5fa974f35ce7871acf8

Severity score breakdown

Parameter Value
Base score 8.1
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading