Samba has released software updates to fix four vulnerabilities in multiple Samba software products. Two of the issues are related to Kerberos Elevation of Privilege vulnerabilities, and another is a NetLogon flaw that Microsoft patched in November.
A remote attacker could take advantage of these vulnerabilities and exploit impacted systems.
High risk Samba flaws
Samba patched 4 High severity vulnerabilities:
- CVE-2022-38023: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVSS 8.1)
- CVE-2022-37966: rc4-hmac Kerberos session keys issued to modern servers (CVSS 8.1)
- CVE-2022-37967: Kerberos constrained delegation ticket forgery possible against Samba AD DC (CVSS 7.2)
- CVE-2022-45141: Samba AD DC using Heimdal can be forced to issue rc4-hmac encrypted Kerberos tickets (CVSS 8.1).
Of note, Samba issued a response to Microsoft’s Netlogon RPC Elevation of Privilege vulnerability CVE-2022-38023 (released on November 8, 2022):
“Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac (also known as arcfour-hmac-md5) cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel (DCE/RPC bulk encryption) is also weak, as they are the same cipher (essentially).”
“The weakness on NetLogon Secure channel is that the secure checksum is calculated as HMAC-MD5(MD5(DATA),KEY), meaning that an active attacker knowing the plaintext data could create a different chosen DATA, with the same MD5 checksum, and substitute it into the data stream without being detected,” Samba added.
The Samba advisories for CVE-2022-37966 and CVE-2022-37967 are also in response to Microsoft’s release of Windows Kerberos Elevation of Privilege vulnerabilities as part of November’s Patch Tuesday.
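The checksum shape in the Samba quote above, HMAC-MD5(MD5(DATA),KEY), as an added Python example (not Samba's or Microsoft's code): the key only ever touches the digest, so any two inputs with the same digest receive the same checksum. Function names and sample data are constructed; MD5 is truncated to 2 bytes as a stand-in so a same-digest input is cheap to find, and HMAC-SHA256 over the data itself is an assumed contrast case.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"            # constructed sample key
ORIGINAL = b"constructed sample payload A"  # constructed sample data
ALT_PREFIX = b"constructed sample payload B #"


def md5_full(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def md5_truncated(data: bytes) -> bytes:
    # ASSUMPTION for the demo: a 2-byte stand-in for MD5 so that equal
    # digests can be found in well under a second.
    return hashlib.md5(data).digest()[:2]


def digest_then_mac(key: bytes, data: bytes, digest=md5_full) -> bytes:
    # Shape from the advisory quote: HMAC-MD5(MD5(DATA), KEY).
    # The keyed step sees only digest(data), never data itself.
    return hmac.new(key, digest(data), hashlib.md5).digest()


def mac_over_data(key: bytes, data: bytes) -> bytes:
    # Contrast case (assumed, not from the page): the keyed function
    # covers every byte of the message.
    return hmac.new(key, data, hashlib.sha256).digest()


def same_digest_message(target: bytes, prefix: bytes, digest,
                        limit: int = 2_000_000) -> bytes:
    # Search for a different message with the same digest. Note that the
    # key is not an input: the search is entirely offline.
    want = digest(target)
    for i in range(limit):
        candidate = prefix + str(i).encode()
        if candidate != target and digest(candidate) == want:
            return candidate
    raise RuntimeError("no same-digest message within limit")


if __name__ == "__main__":
    other = same_digest_message(ORIGINAL, ALT_PREFIX, md5_truncated)
    print("messages differ:", other != ORIGINAL)
    print("digest-then-MAC tags equal:",
          digest_then_mac(KEY, ORIGINAL, md5_truncated)
          == digest_then_mac(KEY, other, md5_truncated))
    print("MAC-over-data tags equal:",
          mac_over_data(KEY, ORIGINAL) == mac_over_data(KEY, other))
```

With the truncated digest the two different messages verify under the same checksum, while the MAC computed over the data tells them apart; with full MD5 the same property holds for any colliding pair, which is why the construction is only as strong as MD5's collision resistance.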