Synology-SA-22:20 Samba

Publish Time: 2022-10-27 13:44:08 UTC+8

Last Updated: 2023-01-13 10:05:54 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

CVE-2022-3437 allows remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology DiskStation Manager (DSM), SMB Service and Synology Directory Server.

None of Synology's products are affected by CVE-2022-3592 as this vulnerability only affect Samba 4.17 and later.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Ongoing
SRM 1.3 Not affected N/A
SRM 1.2 Not affected N/A
DSMUC 3.1 Not affected N/A
VS Firmware 3.0 Not affected N/A
VS Firmware 2.3 Not affected N/A
SMB Service for DSM 7.1 Moderate Ongoing
SMB Service for DSM 7.0 Moderate Ongoing
Synology Directory Server for DSM 7.1 Moderate Ongoing
Synology Directory Server for DSM 7.0 Moderate Ongoing
Synology Directory Server for DSM 6.2 Moderate Ongoing

Mitigation

None

Detail

  • CVE-2022-3437

    • Severity: Moderate
    • CVSS3 Base Score: 5.9
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
    • A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
  • CVE-2022-3592

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
    • A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

Reference

Revision

Revision Date Description
1 2022-10-27 Initial public release.