Samba fixes NetLogon and Kerberos vulnerabilities

Samba has released software updates to fix four vulnerabilities in multiple Samba software products. Two of the issues relate to Kerberos Elevation of Privilege vulnerabilities, and another is a NetLogon flaw that Microsoft patched in November.

A remote attacker could take advantage of these vulnerabilities and exploit impacted systems.

High risk Samba flaws

Samba patched four High severity vulnerabilities:

  • CVE-2022-38023: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVSS 8.1)
  • CVE-2022-37966: rc4-hmac Kerberos session keys issued to modern servers (CVSS 8.1)
  • CVE-2022-37967: Kerberos constrained delegation ticket forgery possible against Samba AD DC (CVSS 7.2)
  • CVE-2022-45141: Samba AD DC using Heimdal can be forced to issue rc4-hmac encrypted Kerberos tickets (CVSS 8.1)

Of note, Samba issued a response to Microsoft’s Netlogon RPC Elevation of Privilege vulnerability CVE-2022-38023 (released on November 8, 2022):

“Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac (also known as arcfour-hmac-md5) cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel (DCE/RPC bulk encryption) is also weak, as they are the same cipher (essentially).”

“The weakness on NetLogon Secure channel is that the secure checksum is calculated as HMAC-MD5(MD5(DATA),KEY), meaning that an active attacker knowing the plaintext data could create a different chosen DATA, with the same MD5 checksum, and substitute it into the data stream without being detected,” Samba added.
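The construction Samba describes can be illustrated with a short added example (not code from Samba or from the advisory). Because the keyed step only ever sees the unkeyed digest of DATA, any two messages with the same digest get the same checksum under every key. The example assumes a toy inner digest, MD5 truncated to 24 bits, so that a colliding pair can be found instantly; the function names, payload prefix and keys are constructed for the illustration, and the second construction is shown for contrast only, not as Samba's remediation.

```python
import hashlib
import hmac
from itertools import count

TOY_BYTES = 3  # constructed: keep only 24 bits of MD5 so a collision is found quickly


def toy_digest(data: bytes) -> bytes:
    """Stand-in for the inner MD5(DATA); truncated for the demo (assumption)."""
    return hashlib.md5(data).digest()[:TOY_BYTES]


def hash_then_mac(key: bytes, data: bytes) -> bytes:
    """Shape quoted above: HMAC-MD5 keyed with KEY, computed over digest(DATA)."""
    return hmac.new(key, toy_digest(data), hashlib.md5).digest()


def mac_over_data(key: bytes, data: bytes) -> bytes:
    """Contrast only: the key is mixed in before DATA itself is hashed."""
    return hmac.new(key, data, hashlib.md5).digest()


def find_digest_collision(prefix: bytes) -> tuple[bytes, bytes]:
    """Birthday search for two distinct messages with equal inner digest.

    No key is involved: the search runs entirely on the unkeyed digest.
    """
    seen: dict[bytes, bytes] = {}
    for i in count():
        msg = prefix + str(i).encode()
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg
        seen[d] = msg


def compare(key: bytes) -> dict[str, bool]:
    """Check both constructions on one colliding pair under the given key."""
    a, b = find_digest_collision(b"constructed-payload-")
    return {
        "messages_differ": a != b,
        "hash_then_mac_matches": hmac.compare_digest(
            hash_then_mac(key, a), hash_then_mac(key, b)),
        "mac_over_data_matches": hmac.compare_digest(
            mac_over_data(key, a), mac_over_data(key, b)),
    }


if __name__ == "__main__":
    print(compare(b"constructed-session-key"))
```

The two checksums over the digest match for any key, which is why the integrity of this checksum rests entirely on the collision resistance of the inner hash.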

The Samba advisories for CVE-2022-37966 and CVE-2022-37967 are also in response to Microsoft’s release of Windows Kerberos Elevation of Privilege vulnerabilities as part of November’s Patch Tuesday.
