CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	25.04 plucky	Fixed 2:4.17.5+dfsg-2ubuntu1
	24.10 oracular	Fixed 2:4.17.5+dfsg-2ubuntu1
	24.04 LTS noble	Fixed 2:4.17.5+dfsg-2ubuntu1
	23.10 mantic	Fixed 2:4.17.5+dfsg-2ubuntu1
	23.04 lunar	Fixed 2:4.17.5+dfsg-2ubuntu1
	22.10 kinetic	Fixed 2:4.16.8+dfsg-0ubuntu1
	22.04 LTS jammy	Fixed 2:4.15.13+dfsg-0ubuntu1
	20.04 LTS focal	Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.1
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Vulnerable

Notes

mdeslaur

The focal samba update was temporarily reverted by USN 5822-2 because it introduced regressions. It was later updated again with USN 5936-1.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=1040fa4c23509234af5ca5bf4c190c80183d39b4 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=ddafd6dc7706e74e74ce96039ac8006b9b2e05ad Upstream: https://git.samba.org/?p=samba.git;a=commit;h=deffd8ea00fecbbf61c4a26279176fe0ae3fe438 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=ae1f4644245237fe76bb162af8e95c42903e4eca Upstream: https://git.samba.org/?p=samba.git;a=commit;h=4dc0b8d0a89b0aea865f8508ca3f0d68f50c6f12 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f1cb8950583c12eaa5cbe907d0b16923f7187541 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=18bcf0b6496d4ed9d76d23f82674935bd275dc3b Upstream: https://git.samba.org/?p=samba.git;a=commit;h=de121d6c613c6e83e49f2622391d1705077646a4 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=9669a41693b8da410cf57e21f2de7c7e6e4c4235 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b9269801ed6bc034da924cdedd0b6a2938a1379f Upstream: https://git.samba.org/?p=samba.git;a=commit;h=643b4c1b95e40e46af14afa60aa42b0fcf1cf446 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=e02e8ad46b02a4c16f575b6371eea8ea66dee067 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=0be35930722530e5befa16a65a16232393258057 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=90f06ad6d7d00fc51a2d64557cf58739fef851c1 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=33a814d745c0c2dd4e49582fbee892471620bfcd Upstream: https://git.samba.org/?p=samba.git;a=commit;h=ade168df393064dd25a6e540e06332dcd1803297 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=5154471bca2162c14c91ebd02148be521e333817 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=a0c68f4caaa0771dcde074906956335c9e458bdf Upstream: https://git.samba.org/?p=samba.git;a=commit;h=4cb1e57caaf537c760de95a4a4e300ff8c711dfe Upstream: https://git.samba.org/?p=samba.git;a=commit;h=b7f0e7f2ccc9c07b2daa0dc6d66ea117108e9a4f Upstream: https://git.samba.org/?p=samba.git;a=commit;h=ba1482a18a807a5db4d1bd84640a0d5d83fcd9c3 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=08b69ca61f747a74c5a6634d25ce35e43e145ecd Upstream: https://git.samba.org/?p=samba.git;a=commit;h=57986cad714cc2f738c7482208204ed4e18b1f19 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=2b0dc83e0642f7b1f41b6184fb6e20320cd96b63 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=dba546dbfa5dcaa22ed828c2f5b7fa9c8cb6242e Upstream: https://git.samba.org/?p=samba.git;a=commit;h=15792b4035d520ad5a0bf4888fa5d6bedb8937aa Upstream: https://git.samba.org/?p=samba.git;a=commit;h=93e4e50d250a85c9b0308c3f899ab00f47f427df Upstream: https://git.samba.org/?p=samba.git;a=commit;h=28ac3faa51c66b005a90c527393fa7c2d43d4c31 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=d10dfa85819750f4665dc5fa974f35ce7871acf8

Package

Patch details

samba

Severity score breakdown

Parameter	Value
Base score	8.1 · High
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-38023

Cvss 3 Severity Score

Status

Notes

mdeslaur

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references