Samba has released software updates that fix multiple vulnerabilities. Exploitation of this vulnerability could allow an attacker to gain control of the affected system.
High severity defects tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, CVE-2022-45141patched in versions 4.17.4, 4.16.8, and 4.15.13. release December 15, 2022.
Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that provides file server, printing, and Active Directory services.
A brief description of each weakness follows:
- CVE-2022-38023 (CVSS score: 8.1) – use of weak RC4-HMAC Kerberos encryption type NetLogon Secure Channel
- CVE-2022-37966 (CVSS score: 8.1) – Elevation of privilege vulnerability in Windows Kerberos RC4-HMAC
- CVE-2022-37967 (CVSS Score: 7.2) – Windows Kerberos Elevation of Privilege Vulnerability
- CVE-2022-45141 (CVSS score: 8.1) – Using RC4-HMAC encryption when issuing Kerberos tickets on Samba Active Directory domain controllers (AD DC) using Heimdall
It is worth noting that both CVE-2022-37966 When CVE-2022-37967The vulnerability, which allows adversaries to gain administrative privileges, was first disclosed by Microsoft as part of the November 2022 Patch Monthly Update.
“An unauthenticated attacker could exploit vulnerabilities in the cryptographic protocols of RFC 4757 (Kerberos Cryptographic Type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure Specification) to compromise the Windows AD environment. may perform an attack that bypasses the security features of .” the company said of CVE-2022-37966.
A patch will also be made available to the US Cybersecurity and Infrastructure Security Agency (CISA) this week. It was published 41 Industrial Control Systems (ICS) advisories for various defects affecting Siemens and Prosys OPC products.