[German]There are serious vulnerabilities in older versions of the Samba software, which provides access from Linux to Windows file and print services. The developers have issued a security advisory as of December 15, 2022, and released corrected versions of Samba that eliminate these vulnerabilities.
Advertising
Samba is a free program package that allows Microsoft Windows functions such as the file and print services to be used under other operating systems and to assume the role of a domain controller. Among other things, it implements the SMB/CIFS protocol for this purpose. Especially under Linux, Samba is essential for interacting with Windows over a network.
Vulnerabilities in Samba
I just became aware of the following issue. Several vulnerabilities have been discovered in the Samba software.
The Samba developers have posted the relevant security advisory on this release history page. In older Samba versions, the following vulnerabilities were discovered and fixed by security updates:
- CVE-2022-38023: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
- CVE-2022-37966: rc4-hmac Kerberos session keys issued to modern servers
- CVE-2022-37967: Kerberos constrained delegation ticket forgery possible against Samba AD DC
- CVE-2022-45141: Samba AD DC using Heimdal can be forced to issue rc4-hmac encrypted Kerberos tickets
The vulnerabilities are related to RC4 HMAC encryption weaknesses, and Microsoft had patched the Kerberos authentication vulnerabilities in the November 2022 updates. There, the vulnerability was said to be CVE-2022-37966:
Advertising
An unauthenticated attacker could perform an attack that exploits cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment
The Samba developers are reacting to this development and have released Samba 4.17.4, 4.16.8 and 4.15.13 as security releases for download. The download addresses of individual patches and the Samba source code are available as GZIP tar archives. Details can be found on this release history page and in the linked release notes for the individual vulnerabilities.
