Abstract
CVE-2022-32742 allows remote authenticated users to obtain sensitive information via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM) and SMB Service.
CVE-2022-2031, CVE-2022-32744, and CVE-2022-32746 allow remote authenticated users to bypass security constraints and conduct denial-of-service attacks via a susceptible version of Synology Directory Server.
None of Synology's products are affected by CVE-2022-32745, as this vulnerability only affects Samba 4.13 and later.
Affected Products
| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| DSM 6.2 | Moderate | Will not fix |
| SRM 1.3 | Moderate | Will not fix |
| SRM 1.2 | Moderate | Will not fix |
| DSMUC 3.1 | Not affected | N/A |
| VS Firmware 3.0 | Not affected | N/A |
| VS Firmware 2.3 | Not affected | N/A |
| SMB Service | Moderate | Upgrade to 4.15.13-0781 or above. |
| Synology Directory Server | Important | Upgrade to 4.15.13-0615 or above. |
Mitigation
If you need immediate assistance, please contact Synology technical support via https://account.synology.com/support.
Detail
CVE-2022-32744
- Severity: Important
- CVSS3 Base Score: 8.8
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
CVE-2022-2031
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- A flaw was found in Samba. The security vulnerability occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services.
CVE-2022-32742
- Severity: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
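The range check that CVE-2022-32742 describes as missing, shown as an added illustration that is not Samba's or Synology's code. The request layout, the reused 64-byte buffer and all function names are assumptions made for the example, not the SMB1 wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_CAP 64u /* constructed size of the reused receive buffer */
/* Constructed, simplified request: not the SMB1 wire format, not Samba code. */
struct write_req {
    uint8_t arena[ARENA_CAP]; /* reused buffer; bytes past `received` are stale */
    size_t received;          /* bytes the client actually sent this time */
    uint32_t data_offset;     /* client-claimed payload offset */
    uint32_t data_len;        /* client-claimed payload length */
};

/* 1 only if the claimed payload lies inside the received bytes (no offset+len wrap). */
int payload_in_bounds(const struct write_req *r)
{
    if (r->data_offset > r->received)
        return 0;
    return r->data_len <= r->received - r->data_offset;
}

/* Flawed pattern: checks buffer capacity only, so stale bytes reach the file. */
long write_unchecked(const struct write_req *r, uint8_t *file, size_t cap)
{
    if (r->data_offset > ARENA_CAP || r->data_len > ARENA_CAP - r->data_offset
        || r->data_len > cap)
        return -1;
    memcpy(file, r->arena + r->data_offset, r->data_len);
    return (long)r->data_len;
}

/* Hardened pattern: reject when the client sent less data than it claims. */
long write_checked(const struct write_req *r, uint8_t *file, size_t cap)
{
    if (!payload_in_bounds(r) || r->data_len > cap)
        return -1;
    memcpy(file, r->arena + r->data_offset, r->data_len);
    return (long)r->data_len;
}

/* Constructed input: 12 bytes received, 32 payload bytes claimed at offset 8. */
void make_short_request(struct write_req *r)
{
    memset(r->arena, 'S', ARENA_CAP);     /* 'S' marks stale server bytes */
    memcpy(r->arena, "HDRHDRHDcli!", 12); /* 8-byte header + 4 client bytes */
    r->received = 12;
    r->data_offset = 8;
    r->data_len = 32;
}
```

With the constructed request, the unchecked handler writes 4 client bytes followed by 28 stale bytes, while the checked handler rejects the request outright.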
CVE-2022-32746
- Severity: Moderate
- CVSS3 Base Score: 5.4
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
- A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
CVE-2022-32745
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
- A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault.
Revision
| Revision | Date | Description |
| --- | --- | --- |
| 1 | 2022-07-29 | Initial public release. |
| 2 | 2022-08-26 | Disclosed vulnerability details. |
| 3 | 2023-05-22 | Update for Synology Directory Server is now available in Affected Products. |
| 4 | 2023-05-22 | Update for SMB Service is now available in Affected Products. |