The Samba-Bugzilla – Attachment 17109 Details for
Bug 14950
CVE-2022-0336 [SECURITY] Re-adding an SPN skips subsequent SPN conflict checks
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
advisory v4 -- with CVE
advisory-v4.txt (text/plain), 2.06 KB, created by
Douglas Bagnall
on 2022-01-21 23:39:07 UTC
(
hide
)
Description:
advisory v4 -- with CVE
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2022-01-21 23:39:07 UTC
Size:
2.06 KB
patch
obsolete
>=========================================================== >== Subject: Samba AD users with permission to write to >== an account can impersonate arbitrary services. >== >== CVE ID#: CVE-2022-0336 >== >== Versions: Samba 4.0.0 and later >== >== Summary: Checks in the Samba AD DC to prevent aliased >== SPNs could be bypassed, giving users who can >== write to an account's servicePrincipalName >== attribute the ability to impersonate services. >=========================================================== > >=========== >Description >=========== > >The Samba AD DC includes checks when adding service principals names >(SPNs) to an account to ensure that SPNs do not alias with those >already in the database. Some of these checks are able to be bypassed >if an account modification re-adds an SPN that was previously present >on that account, such as one added when a computer is joined to a >domain. > >An attacker who has the ability to write to an account can exploit >this to perform a denial-of-service attack by adding an SPN that >matches an existing service. Additionally, an attacker who can >intercept traffic can impersonate existing services, resulting in a >loss of confidentiality and integrity. > >================== >Patch Availability >================== > >Patches addressing both these issues have been posted to: > > https://www.samba.org/samba/security/ > >Additionally, Samba 4.13.17, 4.14.12, and 4.15.4 have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >================== >CVSSv3 calculation >================== > >CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8) > >========== >Workaround >========== > >None. > >======= >Credits >======= > >Originally reported by Kees van Vloten. > >Analysis, patches, and this advisory by Joseph Sutton of Catalyst >and the Samba Team. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >==========================================================
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jsutton
:
review+
Actions:
View
Attachments on
bug 14950
:
17100
|
17101
|
17102
|
17103
|
17105
|
17106
|
17108
| 17109 |
17110
|
17111
|
17112
|
17113
|
17114