Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems.
The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.
Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services.
It's worth noting that both CVE-2022-37966 and CVE-2022-37967, which enable an adversary to gain administrator privileges, were first disclosed by Microsoft as part of its November 2022 Patch Tuesday updates.
"An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 and MS-PAC to bypass security features in a Windows AD environment," the company said of CVE-2022-37966.
The patches also come as the U.S. Cybersecurity and Infrastructure Security Agency this week published 41 Industrial Control Systems advisories pertaining to various flaws impacting Siemens and Prosys OPC products.
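The fixed releases named above (4.17.4, 4.16.8 and 4.15.13) are the practical yardstick for an inventory check. The following script is an added example, not code from the Samba project or from the article: it parses the version triple out of strings of the form printed by `smbd --version` (for example "Version 4.16.5-Ubuntu") and classifies each host against the fixed release of its branch. The distribution-suffix pattern, the status labels and the sample host outputs are assumptions constructed for this example; distribution packages often backport fixes under an older upstream number, so such hosts are flagged for a changelog check rather than declared vulnerable outright.

```python
import re

# Fixed releases named in the advisory (December 15, 2022), keyed by branch.
FIXED_VERSIONS = {
    (4, 17): (4, 17, 4),
    (4, 16): (4, 16, 8),
    (4, 15): (4, 15, 13),
}

# Distribution builds often carry backported fixes under an older upstream
# number, so a plain numeric comparison is not conclusive for them.
# This suffix pattern is an assumption of the example, not an exhaustive list.
DISTRO_SUFFIX = re.compile(r"-(Ubuntu|Debian|SUSE)|\.el\d|\.fc\d")


def parse_version(text):
    """Pull the first X.Y.Z triple out of a version string such as
    'Version 4.16.5-Ubuntu' (the format printed by `smbd --version`)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Classify a version string against the fixed releases.

    Returns one of:
      'patched'                       version >= fixed release of its branch
      'vulnerable'                    upstream build below the fixed release
      'vulnerable-unless-backported'  distro build below the fixed release;
                                      check the package changelog
      'unknown-branch'                branch not covered by the advisory's
                                      fixed versions; review separately
    """
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown-branch"
    if version >= fixed:
        return "patched"
    if DISTRO_SUFFIX.search(text):
        return "vulnerable-unless-backported"
    return "vulnerable"


def triage(reports):
    """Map host name -> status for a dict of host -> `smbd --version` output,
    so the hosts needing attention can be listed in one pass."""
    return {host: assess(output) for host, output in reports.items()}


if __name__ == "__main__":
    # Constructed sample outputs for illustration, not real hosts.
    SAMPLE = {
        "dc1": "Version 4.17.4",
        "dc2": "Version 4.16.5-Ubuntu",
        "fs1": "Version 4.15.13",
        "legacy": "Version 4.13.17",
    }
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Feed `triage` the collected `smbd --version` output per host; anything other than `patched` warrants a follow-up, and `unknown-branch` hosts on branches older than 4.15 are outside the fix list entirely and need their own upgrade plan.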
News URL
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities
- Patch Tuesday: Four Critical Vulnerabilities Paved Over
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
- Vanir: Open-source security patch validation for Android
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-03-06 | CVE-2022-45141 | Inadequate Encryption Strength vulnerability in Samba. Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and since per RFC 8429 rc4-hmac is assumed to be weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). | 9.8
2022-11-09 | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | 0.0
2022-11-09 | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | 0.0
2022-11-09 | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 0.0