CVE-2022-2031
Summary
| CVE | CVE-2022-2031 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-25 18:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | A flaw was found in Samba. The security vulnerability occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services. |
Risk And Classification
Problem Types: CWE-287
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Samba - Security Announcement Archive | MISC | www.samba.org | |
| Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180933 Debian Security Update for samba (DSA 5205-1)
- 182883 Debian Security Update for samba (CVE-2022-2031)
- 198878 Ubuntu Security Notification for Samba Vulnerabilities (USN-5542-1)
- 502579 Alpine Linux Security Update for samba
- 502620 Alpine Linux Security Update for samba
- 502789 Alpine Linux Security Update for samba
- 503810 Alpine Linux Security Update for samba
- 505682 Alpine Linux Security Update for samba
- 672182 EulerOS Security Update for samba (EulerOS-SA-2022-2480)
- 672272 EulerOS Security Update for samba (EulerOS-SA-2022-2697)
- 672309 EulerOS Security Update for samba (EulerOS-SA-2022-2665)
- 672337 EulerOS Security Update for samba (EulerOS-SA-2022-2778)
- 672393 EulerOS Security Update for samba (EulerOS-SA-2022-2743)
- 690958 Free Berkeley Software Distribution (FreeBSD) Security Update for samba (f9140ad4-4920-11ed-a07e-080027f5fec9)
- 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)
- 752402 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:2582-1)
- 752403 SUSE Enterprise Linux Security Update for ldb, samba (SUSE-SU-2022:2586-1)
- 752438 SUSE Enterprise Linux Security Update for ldb, samba (SUSE-SU-2022:2659-1)
- 752999 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2022:4395-1)
- 753517 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:0081-1)
- 753587 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2023:0160-1)
- 903883 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (10735)