{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32743", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T07:46:44.980Z", "dateReserved": "2022-06-09T00:00:00", "datePublished": "2022-09-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:33.632859"}, "descriptions": [{"lang": "en", "value": "Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "samba 4.1 and newer", "status": "affected"}]}], "references": [{"url": "https://bugzilla.samba.org/show_bug.cgi?id=14833"}, {"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1"}, {"name": "FEDORA-2022-4555909843", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276", "cweId": "CWE-276"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:44.980Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.samba.org/show_bug.cgi?id=14833", "tags": ["x_transferred"]}, {"url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-4555909843", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED3DD507-0A0D-4BB9-8789-FB6BBCDEB506", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it."}, {"lang": "es", "value": "Samba no comprueba el derecho Validated-DNS-Host-Name para el atributo dNSHostName, lo que podr\u00eda permitir a usuarios no privilegiados escribirlo"}], "id": "CVE-2022-32743", "lastModified": "2023-11-07T03:48:10.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:10.130", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14833"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "samba: Validated dnsHostname write right needs to be implemented", "id": "2121128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121128"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-276", "details": ["Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.", "A flaw was found in samba that validates the domain name system's host name. This issue links a trailing $ to objectclass=computer, which helps avoid the creation of SPN values that collide with other, possibly privileged hosts."], "name": "CVE-2022-32743", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Under investigation", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2022-08-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-32743\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32743"], "statement": "This security issue only affects the Samba Active Directory support. We do not ship this in RHEL; thus, it is not affected.", "threat_severity": "Moderate", "upstream_fix": "samba 4.17.0"}