Samba released updates to address multiple vulnerabilities that can be exploited to take control of impacted systems.

Samba released updates to address multiple vulnerabilities, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, that can be exploited to take control of impacted systems.

On December 15, 2022, Samba announced the 4.17.4, 4.16.8 and 4.15.13 security releases to address the above issues.

Samba is a free software re-implementation of the SMB networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. The software runs on most Unix-like systems, such as Linux, Solaris, AIX and the BSD variants, including Apple’s macOS Server, and macOS client (Mac OS X 10.2 and greater).

  • CVE-2022-38023 – The “RC4” protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
  • CVE-2022-37966 – This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
  • CVE-2022-37967 – An elevation of privilege vulnerability in Windows Kerberos.
  • CVE-2022-45141 – Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, privilege escalation)


Source link