FreeBSD: VID-f9140ad4-4920-11ed-a07e-080027f5fec9 (CVE-2022-32744): samba -- Multiple vulnerabilities

The Samba Team reports: CVE-2022-2031 The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32744 The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover. CVE-2022-32745 Samba AD users can cause the server to access uninitialised data with an LDAP add or modify request, usually resulting in a segmentation fault. CVE-2022-32746 The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl. CVE-2022-32742 SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer.