CVE-2022-26809 (MS SMB CVE)

Andrew Bartlett abartlet at samba.org
Thu Jun 16 09:19:06 UTC 2022


On Thu, 2022-06-16 at 07:16 +0000, V S, Nagendra via samba-technical
wrote:
> Hi,
> A couple of months ago Microsoft released a notification for CVE-2022-26809. Would Samba be affected by this CVE?
> The CVE score is 9.8. With very little information in the public notification, couldn't tell with certainty if the CVE is relevant.
> 
> Thanks & Regards
> Nagendra.V.S 
> 

I looked into this and it looks like an integer overflow in RPC
fragment reassembly per https://github.com/websecnl/CVE-2022-26809

While it is possible, it is unlikely we have exactly the same bug (we
likely have different bugs...).  

I looked at our code in this area and we were well guarded.  I couldn't
find a way to break it. 

https://gitlab.com/samba-team/samba/-/blob/master/librpc/rpc/dcesrv_core.c#L2298

As an aside, it would be really awesome if someone could fund an
ongoing project to look over all the CVEs from Microsoft each month and
at least write them up in the way you ask.  

We can ask DocHelp for what the changes are, but we need to know to
ask.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba
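
An added illustration, not part of the original message and not Samba's or Microsoft's code: the general bug class named above (a length sum that wraps during fragment reassembly) beside a guarded check. The struct, the function names and the 4 MiB cap are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REASSEMBLED (4u * 1024u * 1024u)  /* assumed cap, not Samba's value */

struct reasm {            /* hypothetical reassembly state */
    uint8_t *data;
    uint32_t len;         /* bytes accumulated so far */
};

/* Naive check: the 32-bit sum can wrap, so a huge peer-supplied length passes. */
static int naive_fits(uint32_t cur, uint32_t frag_len)
{
    return (uint32_t)(cur + frag_len) <= MAX_REASSEMBLED;
}

/* Guarded check: compare against the remaining room; nothing here can wrap. */
static int guarded_fits(uint32_t cur, uint32_t frag_len)
{
    return cur <= MAX_REASSEMBLED && frag_len <= MAX_REASSEMBLED - cur;
}

/* Append one fragment; returns 0 on success, -1 if rejected or out of memory. */
static int reasm_append(struct reasm *r, const uint8_t *frag, uint32_t frag_len)
{
    uint8_t *p;

    if (!guarded_fits(r->len, frag_len))
        return -1;                      /* reject before any allocation or copy */
    if (frag_len == 0)
        return 0;
    p = realloc(r->data, (size_t)r->len + frag_len);
    if (p == NULL)
        return -1;                      /* r->data is still valid and unchanged */
    memcpy(p + r->len, frag, frag_len);
    r->data = p;
    r->len += frag_len;
    return 0;
}

int main(void)
{
    struct reasm r = { NULL, 0 };
    const uint8_t frag[4] = { 1, 2, 3, 4 };     /* constructed sample fragment */
    int ok = reasm_append(&r, frag, sizeof(frag));
    int rejected = reasm_append(&r, frag, 0xFFFFFFFEu); /* claimed length only */
    printf("append=%d oversized=%d naive_accepts=%d\n",
           ok, rejected, naive_fits(r.len, 0xFFFFFFFEu));
    free(r.data);
    return 0;
}
```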



