
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
2022-12-17 06:54

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems.

The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.
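A practical first step for anyone running Samba is to check each server's reported version against the fixed releases named above. The following is an added example, not code from Samba or from the article: the fixed versions 4.17.4, 4.16.8 and 4.15.13 come from the advisory, while the branch-handling rule (newer branches count as fixed, end-of-life branches below 4.15 count as unpatched), the function names and the sample inventory are this example's own assumptions.

```python
"""Check whether a Samba version string is at or above the release that
fixed CVE-2022-38023, CVE-2022-37966, CVE-2022-37967 and CVE-2022-45141.

Added example, not Samba's own code. Fixed versions are from the advisory;
the branch-handling logic is an assumption made here.
"""
import re

# Earliest fixed release on each branch that received the December 15, 2022 fix.
FIXED_RELEASES = {
    (4, 17): (4, 17, 4),
    (4, 16): (4, 16, 8),
    (4, 15): (4, 15, 13),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as the
    'Version 4.17.3-Debian' line printed by `smbd --version`.
    Returns None if no x.y.z version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_patched(version_text):
    """True if the version is at or above the fixed release for its branch.

    Assumption: branches newer than 4.17 were cut after the fix and carry it;
    branches older than 4.15 were out of support and never received it.
    """
    v = parse_version(version_text)
    if v is None:
        raise ValueError("no x.y.z version found in %r" % (version_text,))
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v >= FIXED_RELEASES[branch]
    return branch > max(FIXED_RELEASES)


def triage(version_lines):
    """Split 'host: version' lines into patched and unpatched host lists."""
    report = {"patched": [], "unpatched": []}
    for line in version_lines:
        host, _, ver = line.partition(":")
        key = "patched" if is_patched(ver) else "unpatched"
        report[key].append(host.strip())
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        "dc1: Version 4.17.4",
        "dc2: Version 4.16.7-Ubuntu",
        "fs1: Version 4.15.13",
        "old: Version 4.13.17",
    ]
    print(triage(sample))
```

One caveat for the upstream-version comparison: distributions often backport security fixes without bumping the upstream version number, so a host reported as unpatched here should be confirmed against the distribution package changelog before being treated as vulnerable.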

Samba is an open-source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services.

It's worth noting that both CVE-2022-37966 and CVE-2022-37967, which enable an adversary to gain administrator privileges, were first disclosed by Microsoft as part of its November 2022 Patch Tuesday updates.

"An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 and MS-PAC to bypass security features in a Windows AD environment," the company said of CVE-2022-37966.

The patches also come as the U.S. Cybersecurity and Infrastructure Security Agency this week published 41 Industrial Control Systems advisories pertaining to various flaws impacting Siemens and Prosys OPC products.


News URL

https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                             RISK
2023-03-06  CVE-2022-45141  Inadequate Encryption Strength vulnerability in Samba           critical (9.8)
            Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8, 2022, and RFC 8429 treats rc4-hmac as weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).
            Attack vector: network; attack complexity: low; vendor: samba; weakness: CWE-326
2022-11-09  CVE-2022-38023  Netlogon RPC Elevation of Privilege Vulnerability               0.0
2022-11-09  CVE-2022-37967  Windows Kerberos Elevation of Privilege Vulnerability           0.0
2022-11-09  CVE-2022-37966  Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability  0.0
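The CVE-2022-45141 entry above describes an observable symptom: an unpatched DC hands out RC4-HMAC service tickets even when the service supports AES. One way to spot that from a client is to inspect the ticket encryption types that MIT Kerberos `klist -e` prints under each ticket. The following is an added example, not code from Samba or from the article; it assumes the `Etype (skey, tkt): ...` line format of MIT `klist -e`, and the sample cache listing, realm and host names are constructed for illustration.

```python
"""Flag Kerberos service tickets in a credential cache that were issued
with an RC4-HMAC ticket key, parsed from MIT Kerberos `klist -e` output.

Added example, not Samba's own code. The klist line format is assumed from
MIT Kerberos; the sample output below is constructed, not captured.
"""
import re

# Names MIT Kerberos uses for the RC4 family defined in RFC 4757.
RC4_ETYPES = {"arcfour-hmac", "arcfour-hmac-md5", "rc4-hmac", "arcfour-hmac-exp"}

# Ticket line: "<valid date> <valid time> <expiry date> <expiry time> <principal>"
_PRINCIPAL_RE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+(\S+@\S+)\s*$")
# Detail line printed by `klist -e` directly under each ticket.
_ETYPE_RE = re.compile(r"Etype \(skey, tkt\):\s*([\w-]+),\s*([\w-]+)")

# Constructed sample of `klist -e` output (not a real capture).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
12/16/2022 09:00:00  12/16/2022 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
12/16/2022 09:05:00  12/16/2022 19:00:00  cifs/fs1.example.com@EXAMPLE.COM
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, arcfour-hmac
12/16/2022 09:06:00  12/16/2022 19:00:00  ldap/dc1.example.com@EXAMPLE.COM
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
"""


def parse_klist(output):
    """Return a list of (service_principal, session_key_etype, ticket_etype)
    tuples, pairing each ticket line with the Etype line that follows it."""
    tickets = []
    current = None
    for line in output.splitlines():
        m = _PRINCIPAL_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = _ETYPE_RE.search(line)
        if m and current is not None:
            tickets.append((current, m.group(1), m.group(2)))
            current = None
    return tickets


def rc4_tickets(output):
    """Service principals whose *ticket* key (the second etype, chosen by the
    KDC from the service's keys) is RC4. Each hit is a candidate for the
    condition described for CVE-2022-45141 and should be checked against the
    service account's supported encryption types."""
    return [p for p, _skey, tkt in parse_klist(output) if tkt in RC4_ETYPES]


if __name__ == "__main__":
    for principal in rc4_tickets(SAMPLE_KLIST):
        print("RC4 ticket issued for", principal)
```

The ticket enctype (the second value on the `Etype` line) is what the KDC selected from the service account's keys, so an RC4 ticket for a service whose account has AES keys points at the issuing DC rather than the client. Confirm by checking that account's `msDS-SupportedEncryptionTypes` attribute before concluding the DC is unpatched.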

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Samba 5 2 72 45 9 128