Microsoft has recently gone to some extraordinary lengths to stop using arcfour-hmac-md5 as a session key cipher, introducing a new assumption that AES256_CTS_HMAC_SHA1_96 is available in all deployed Kerberos clients and target servers, even if the ticket key is negotiated as arcfour-hmac-md5:

https://learn.microsoft.com/en-nz/openspecs/windows_protocols/ms-kile/6cfc7b50-11ed-4b4d-846d-6f08f0812919
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed

Samba as an AD DC needs to honour bit 0x20 in msDS-supportedEncryptionTypes as AES256_CTS_HMAC_SHA1_96_SK, and the session key negotiation in the KDC needs to follow the rule that if this is set then (per dochelp):

> to indicate that if an insecure encryption algorithm is used, you must always use a secure algorithm for session keys instead.

We will treat this flag as banning the use of session keys deprecated in RFC8429 (DES, DES3 and RC4).

Note in particular the new default declared at https://support.microsoft.com/en-us/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d so this becomes the default behaviour (non-default settings are to allow RC4 session keys, or permit AES).
The KB article references "Authentication Negotiation", and this looks like a reference to SPNEGO. By forcing an aes256-cts-hmac-sha1-96 session key, we go into the NEW_SPNEGO codepath, which has a MIC on the mechList.
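The session-key rule described in the comments above, modelled as a small stand-alone Python policy function. This is an added illustration for this page, not Samba's KDC code and not taken from any of the attached patches. The enctype numbers are the IANA Kerberos assignments and the bit values are those documented for msDS-SupportedEncryptionTypes in MS-KILE; the `aes_sk_default` knob is a hypothetical stand-in for the KB5021131 default, and the negotiation itself is simplified to "first client-preferred enctype the target also has a key for".

```python
"""Model of the AES256_CTS_HMAC_SHA1_96_SK session-key rule (illustration only).

Not Samba code.  Enctype numbers are the IANA Kerberos assignments, the bit
values are the documented msDS-SupportedEncryptionTypes bits; the policy
logic is a simplified model of the behaviour described in the bug comments.
"""

# IANA Kerberos encryption type numbers
DES_CBC_CRC = 1
DES_CBC_MD5 = 3
DES3_CBC_SHA1 = 16
AES128_CTS_HMAC_SHA1_96 = 17
AES256_CTS_HMAC_SHA1_96 = 18
ARCFOUR_HMAC_MD5 = 23

# Session-key enctypes deprecated by RFC 8429: the set this fix bans
RFC8429_DEPRECATED = frozenset({DES_CBC_CRC, DES_CBC_MD5, DES3_CBC_SHA1, ARCFOUR_HMAC_MD5})

# msDS-SupportedEncryptionTypes bits (MS-KILE)
ENC_DES_CBC_CRC = 0x01
ENC_DES_CBC_MD5 = 0x02
ENC_RC4_HMAC_MD5 = 0x04
ENC_AES128 = 0x08
ENC_AES256 = 0x10
ENC_AES256_SK = 0x20  # AES256 session keys even when the ticket key is weak

# Bits that correspond to a long-term key the target account actually holds
BIT_TO_ENCTYPE = {
    ENC_DES_CBC_CRC: DES_CBC_CRC,
    ENC_DES_CBC_MD5: DES_CBC_MD5,
    ENC_RC4_HMAC_MD5: ARCFOUR_HMAC_MD5,
    ENC_AES128: AES128_CTS_HMAC_SHA1_96,
    ENC_AES256: AES256_CTS_HMAC_SHA1_96,
}


def target_key_enctypes(supported_bits):
    """Enctypes of the keys the target has, derived from its supported-enctypes bits."""
    return [et for bit, et in BIT_TO_ENCTYPE.items() if supported_bits & bit]


def choose_session_enctype(supported_bits, client_etypes, aes_sk_default=True):
    """Pick the session key enctype for a ticket to this target.

    supported_bits  -- the target's msDS-SupportedEncryptionTypes value
    client_etypes   -- enctypes offered by the client, in preference order
    aes_sk_default  -- hypothetical knob: behave as if 0x20 were set on every
                       account (the KB5021131 default described in the bug)

    Returns the chosen enctype; raises ValueError where a KDC would answer
    KDC_ERR_ETYPE_NOSUPP because nothing is in common.
    """
    available = target_key_enctypes(supported_bits)
    candidates = [et for et in client_etypes if et in available]
    if not candidates:
        raise ValueError("no enctype in common between client and target")

    # Without the SK rule, the ticket key enctype is also the session key enctype.
    chosen = candidates[0]

    # The SK rule: a weak (RFC 8429 deprecated) negotiation still yields an
    # AES256 session key, on the assumption that every peer supports it.
    force_strong = aes_sk_default or bool(supported_bits & ENC_AES256_SK)
    if force_strong and chosen in RFC8429_DEPRECATED:
        return AES256_CTS_HMAC_SHA1_96
    return chosen


if __name__ == "__main__":
    # Constructed scenario: an RC4-only service account, a modern client.
    rc4_only = ENC_RC4_HMAC_MD5
    client = [AES256_CTS_HMAC_SHA1_96, AES128_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5]
    print("legacy behaviour :", choose_session_enctype(rc4_only, client, aes_sk_default=False))
    print("with 0x20 set    :", choose_session_enctype(rc4_only | ENC_AES256_SK, client, False))
    print("new default      :", choose_session_enctype(rc4_only, client))
```

The point the model makes visible is the one the advisory turns on: the ticket to an RC4-only service is still encrypted with RC4 (that is all the target has a key for), but the session key protecting the client-to-server traffic, and hence the GSSAPI signatures, is no longer RC4/HMAC-MD5 once either the 0x20 bit or the new default applies.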
Created attachment 17648 [details] Initial advisory without versions
Removing Samba-only CVE, Red Hat points to CVE counting rules that say for the same issue in multiple products but following one specification, use one CVE, so we will use the MS one.
Created attachment 17656 [details] Updated v2 advisory with MS CVE
This bug was referenced in samba v4-15-test: 2be27ec1d7f3bfcdcac65bca1db53772535fe7bf 2ea3f2db8087e0a2c4a18c633b039c722cb6f829
Opening these bugs to the public, and the core issue that triggered this is now described in a BlackHat Europe Presentation by Tom Tervoort, Principal Security Specialist at Secura.
Removing the embargo tag, as the code and now a clear description are public.
Created attachment 17686 [details]
Advisory v3

Updated advisory now that the attack is public, with better guidance on the impact.
Created attachment 17687 [details]
Advisory v4

Improved advisory with now public information on how the attack would be performed, and more correct information on the new -sk key type.
Created attachment 17688 [details]
Advisory v5

Another version with more clarity; we need to make it clear that encrypted sessions are still secure.
This bug was referenced in samba master: a4f6f51cbed53775cdfedc7eec2f28c7beb875cc c0c25cc0217b082c12330a8c47869c8428a20d0c 0248907e34945153ff2be62dc11d75c956a05932 c7cd6889177e8c705bb637172a60a5cf26734a3f 50e075d2db21e9f23d686684ea3df9454b6b560e e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de 177334c04230d0ad74bfc2b6825ffbebd5afb9af 538315a2aa6d03b7639b49eb1576efa8755fefec d861d4eb28bd4c091955c11669edcf867b093a6f d6b3d68efc296190a133b4e38137bdfde39257f4 6b155b22e6afa52ce29cc475840c1d745b0f1f5e 086646865eef247a54897f5542495a2105563a5e a7a0b9ad0757d6586905d64bc645a8946fe5c10e 371d7e63fcb966ab54915a3dedb888d48adbf0c0 44802c46b18caf3c7f9f2fb1b66025fc30e22ac5 4bb50c868c8ed14372cb7d27e53cdaba265fc33d 6b46b764fc5760d3bf83bb1ea5fa398d993cf68d 9da028c46f70db60a80d47f5dadbec194510211f a80f8e1b826ee3f9bbb22752464a73b97c2a612d c9b10ee32c7e91521d024477a28fb7a622e4eb04 2bd27955ce1000c13b468934eed8b0fdeb66e3bf 1a36c348d7a984bed8d0f3de5bf9bebd1cb3c47a f3fe1f2ce64ed36be5b001fb4fea92428e73e4e3 16b805c8f376e0992a8bbb359d6bd8f0f96229db a683507e560a499336c50b88abcd853d49618bf4 40b47c194d7c41fbc6515b6029d5afafb0911232 4cedaa643bf95ef2628f1b631feda833bb2e7da1 b7260c89e0df18822fa276e681406ec4d3921caa 621b8c3927b63776146940b183b03b3ea77fd2d7 d7ea197ed1a9903f601030e6466cc822f9b8f794 f1c5fa28c460f7e011049606b1b9ef96443e5e1f 9e69289b099b47e0352ef67ef7e6529d11688e9a 271cd82cd681d723572fcaeed24052dc98a83612 4ebbe7e40754eeb1c8f221dd59018c3e681ab2ab e0f89b7bc8025db615dccf096aab4ca87e655368 d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29 f434a30ee7c40aac4a223fcabac9ddd160a155a5 77bd3258f1db0ddf4639a83a81a1aad3ee52c87d c7c576208960e336da276e251ad7a526e1b3ed45 1dfa91682efd3b12d7d6af75287efb12ebd9e526 fde745ec3491a4fd7b23e053a67093a2ccaf0905 7504a4d6fee7805aac7657b9dab88c48353d6db4 fa64f8fa8d92167ed15d1109af65bbb4daab4bad 36d0a495159f72633f1f41deec979095417a1727 cca3c024fc514bee79bb60a686e470605cc98d6f d1999c152acdf939b4cd7eb446dd9921d3edae29 987cba90573f955fe9c781830daec85ad4d5bf92
Created attachment 17695 [details] bfixes-CVE-2022-37966+37967-v4-17.txt (depends on bfixes-CVE-2022-38023-v4-17.txt)
Created attachment 17696 [details] bfixes-CVE-2022-37966+37967-v4-16.txt (depends on bfixes-CVE-2022-38023-v4-16.txt)
Created attachment 17697 [details] bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt)
Created attachment 17699 [details] bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt) Rebased on the fixed bfixes-CVE-2022-38023-v4-15.txt
Pipelines are running here: https://gitlab.com/samba-team/devel/samba/-/pipelines/721696062 https://gitlab.com/samba-team/devel/samba/-/pipelines/721696798 https://gitlab.com/samba-team/devel/samba/-/pipelines/721729590
I've directly inspected the 4.17 backport and also the inter-diff back to 4.15 and it looked reasonable.
Comment on attachment 17699 [details]
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt)

This looks good. To prove I actually read it, I'll note this totally odd comment added to hdb.asn1:

+-- Just for convenience, for encoding this as TL data in lib/kadm5

This turns out to be a comment made upstream when the encryption type list was added for another purpose (and including it helps make the files a little more similar for the backport), but it looks really strange in this commit.
This bug was referenced in samba v4-15-test: 900c6e2268dbd2625e679af1550d4874247cd1b1 d09d8f995c9a12a0c96aecdbc9f6dac4f5864890 86834042a187e7ef0c805b4a2fbe4d63b6437794 8f40d9b7dd280920dbbd41614a48eac918e2bcc8 25402db19b95d6ce74faa252dbc4b7d86c0c1dbd 0fe0643e0b7c283a4e49ae4be772fa6a83fe978d 6f94a270722594b521cbef6387b440759e2cb3ac 4543bd706e53844f0585aaa48a574bf8fe2050de 097fa693ded841cf81ffaf143f3501aa1ff45892 30202568a181966ea7c56a33dad5e4942e524b75 e2ac180984e36f54999e970eafb0f05ed90b0fd4 e24512a20ae479ee1dce33d9e3587cc1e58ff4c2 b4be18abf9b9f7ee3361a8a2841f8e700440ce42 92763515d9f0bb8ed56c721d752db1fb7a268407 07edcef7463103ebb9d3eb6e25c945c1abf1e5d2 fed97f46265834f53a895de2460d01321b6f32a7 4650ce1fa5ce1f1da46829bd95bffbb748ed90ca 1daea832104e46cfc4ea9700024bda35271a7672 36d5770585ab3abfe1a17f78709728805482388c 1c06e8b08ca3d8adecd044919758e949f50de7c7 0ad597673246af62c88453236d1eab731368ad08 84c28b05a0a590a0edea616cd0f267e2be44d0a0 c273cb75625c144fc31ede19dcf3c301e209c371 cc6196fa005187c93486a83348b1d69a94219b1e 33e5f0b4a44c0d8231b4176a881cd7279dbe9292 eefa55320558ce8da7fb9d90038c2f778487da44 590228fd72f66412a8188b3b09d2d71e91b0d568 701b2650d1b47adac55f948c4e055d5ecc52e1da a7e2f5d32e59758ca714e292e3aa0e51821a9d43 a4deabde39e0219945d0725ee5c1a79591e8fd2d 5127bcfded4c242776bdcc42e8fb5296362d017d c0a367ad02a7384013389c0b1feabf77a48ac659 6db1a9a9648980de2257bb8034838323cd6b84ef c23c17a8d7546df897654c4205d421de98c0598b ece27efe594372748c625b7c60c7461b9f39cd67 ac6563e70ade2152a82e56f0b0ff2c43af084946 153e4a391420f1d492d7af3a3cfb71dabf98e08f 5f9e13ce20a0bd9f80820f1d1afedfee035ba0e2 716149ed2bcc2e67eb598cbb5f77e6240f8d155e f644fc69971c776102f0b60fe184134a413d13e1 8b8835b09fa45c0cd3aba5d5aa504fcfd290386f 527a164b410f87c6f2a9b508d8261214819f8ef3 0d7dc04404dee3f1ddce219f3ed1db736716eef7 eed3d6a3962e8e9d7076486679fedc9e0ec93acb 91a030cbf5862c7ea77d4aa5961f582a28875ef2 1db952fab82eddf0d4100080a64da33786f7c882 a1e91681158d24c453cd23ab9f8760189e7de813 
9049c5442aaeccba6e9e68f230679349fa38217a c768a27bc13fff024db18f2101680d15c2268743 25d881189032a8563931fce116eba02556101f7b d6b9e8b33978a1b85b487e8363476a3356af893d 1815d339417261605820cb17f240c75fae01289a ee9ffe50e99d2778d0d17fb65d6b27911d211f91 693a247d3b270677ec6f42189002c647a1e20e19 34fc0da78699827674245ea5f00282107054ba9c 18996e9971224210aa50cff9796c805dc594c296 89b1c78b520f32e54e8a025511908b06158deef0 48d6042dddff6790a87039a095ae7489e3596bf2 d1cfdcf3a3dd44be993f3c543eaf65c53ecdf7a9
Pushed to autobuild-v4-{16,17}-test
This bug was referenced in samba v4-16-test: 3dec660ae2bd1067ea2314917197f44aedef9ba3 0fee9c469c08538c6eb4c07cc0b127033f6c1c80 130c4877b3870c660635750d08849e2a2d7d5673 a89385f2ab705d9cdcd7acebd3388da0d4c399c0 397a390aa86b83ef46126d3df7335a6f4c7d7845 a65fc1fa476a45de402d6127b4ce5a26e761508f 05206c09237e3437e521808c9fa828ea6a8248b4 12e4e94853fd5b9a614dc0a6fb62acbe93f83be1 91b74c701acd7e64a1aa1119782305d2132adc31 2408d405d31274a97b67baf04a36d58e50341050 cc2bea27a640b43c4eed5846fb1bbd3e5ad5d0ad 9ed5a352ca1707ba0cb06bfa785f0e8d5049666d 8d208ab0616068ed1272d81e968d8f3d33953ca6 a9c836d0442b60a3b5dbc3ddbedf6f866e633e79 4c2dc48598dda4bf0d5a166ed3d05ab7b4a3abfb 545c20fd321f8eb5feebd11c825942755b374fdc 31543f2902e64ddc999670cfe4a4f0513159a547 b8996509387b76f118577821a132542a9a7cb549 71fcd5366a0971b982cb553d442bcb11f71f9ace f29efb011f62a94d4cd6de4aca8722f743008f78 da9da918f7510a1b8120479b8ec505b6b2397e93 c13c60ffbf7f86011594268cc48a1f9f1991f664 001ed425ea19b42cb815be71188d49209bfddbd7 8842d0197d1055d35516c293192fc9c5121b46b7 911750da81abc99ee57bcb0d6129fec85bf6b761 836646d4a02028a96b9974ddf7c36c6d54f25f45 c0bbcc442b8725a9c2b6352514df80c4c0d71dae 0c7af9838fecf1bb900029876496a8a7517bd3a9 b220162824537232ec87cf2194966d590c2165b7 3e4a521a2aaa9da223132ad97f7052460d951a9d f8839f39f0a7e344c5b46d1e952bf4c7dc5017a6 1d2318ec326f3e530de1d9baf8c4ba3c80603f82 052cfe5a4a1a02bcad0fce53e8e4a1002aa787fd 679904dc0dfd187704a1fe2b9d9fb1b498773516 ec1a2225a0f73f81c46530203775fd5ac703858a b40b03d0601394cc3a8e7923229aa8d53b2d815f f11edc1741ea584552e608947cc08956c67cbf9e 55476d01ffcc8115d4170e2b0b2cc8252d0227a7 dd69e432ee80317b691f92a7515917cfda894488 3ea9946f652a04373f3a51597aae4aa24c912eb0 b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab aeb7c646bb03d468f2cc167153dd54d79848cabb f4dc5721be379b292bcc175e35c49bc6dee82b73 8e6d2953ba1ac44a2395cbcdd202a4f38ee16c98 c8afae7869a8aa53da90bf1748eb8ce2e8d763aa 906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6 e7d3998bcc8dd4bae40ce5c5854d8c1a39c92809 
be57176c3abd01635859e3d3195c3afc091610db 4477651a0de470f826cc548b78feb14305a6ba2b cdc71cfd273fed0d7907f05897a77335dee374e1 160e566d59011cfc9e5002f306314f1e9a37371b d5a8e41313d6645898bca3771131da92860b715b
This bug was referenced in samba v4-17-test: 523f9aa70a88ca49a9165b0f72df48592f365fd5 9166254b4bb57cfe9fce5df7dc0e0a273c8c64bb c5eda69a10b20c7a9ec09dd75d74dbf2c18d49e6 fea5bde53c41b07ae0fb15f4af0f0bab7f376a46 d08d54c944def6b3b9d25b3f05e84b67b651f2f6 9fa6585a4cc0f42bccfd28319e80d984d6839d86 362de0199e3ab61ba5df2ddc99809036d5589d5d 91dcb8d0442d15d4c946d13ee240852a0a9cb8fc 4870b9c8e57098af66120762e6ba05905bbc6760 649854b0fad3903723ec8ff3596895a8d8a783b6 15835e21e846b8668701ee832c1e1b6a9df3d7f4 6ff9fc58cd3a4cea1cf2c565e0060427c6e9af77 3d276a19e301ef126da59045b654fffea28a6d82 ac8a4665a8d4c61cae7f830648f2859319653e79 350a2e5fda56eea26a5a238272df8d46f19ccf84 42150ff93bad105f74d867ef1a4683d90f3bb1a3 d8cef2fa342394b20e11d66d03bdf4790523a3ef 123b3c056af8dc3e024e22e49be6d8dd54b29b49 64bfe0ef7868b23e12f465ca9a37f8a8ee161a70 3d85ff9dd5760168618d8f338a154b25e7605b52 82f3c2876a80fa58425db3ee0ab15900680fe0ba 5f8854208d7fe93cb128376d7df88b3723a3bd6a 4ad0303ece5390e5ed73b6863fef51f88ebaca00 425dc5a2a09421b09ae634fe8b51e0ca1b0544f1 91680bf61f5067bf5b3b9eb2ec811be5b676e6ad d022b9fa3ae3b7284393f96afb0faddc0526e5ab b10529349fb41842a49f1942bdda65a9ef72b47a e2e29876b69397c02ba480b17f53204a78d458ff c894010ae87aa496b8380798ee270f1b5f69f54e edccbf1a637fc437a358ab49800ec7cdbcba9768 8b9e670c5ce4e3dd70736e49ea0b22c122cdd298 96fcd2b2b1f7933ccc5f42701c818365b59d2932 e741eac059fb07b2e421c6b181175c985659004f ceda758dd731b7d18ffa40cb32a960bf44fb30fa 42c12b8c36d6466cae5197b84650a27944e059cd d7efa582a41082d87c844461342e1f9e3ca932a3 bf27c7ba92e6a15456cfe4915bbce423fdd2fbe7 9c106afa804aa6d3380869f70e3bf7057dab43c4 bf633c58114ddf9f9e3a729e623e9bd421dee322 6a4531ad9fb1425c2d3246dcb505d3db08c0325a 0f63356c8bb0216b64947ddb7f80bba70492fb54 d1b65794c8c9ef62912a8bcbebe38651fb71adf2 afc05bec7ec0ab38bebc3e0a8afb105ae10eafef c642bd9f2e98c9fbfe8d3f71def94fd1e76b65f0 8273935239846045477f99f7dd655d9d37c8c43e 2d1f56c67e604288939f1dba0d8b338fbaedd5a9 91be2dbb30501dc82d942c92d637ffc55518f174 
428aa9b001db5c0f56a519eaeb884616a2f88073 17db57685f6cbdb410742045b43aee174193ff4e dd4832f10a734589f853a95aca6d724644d001c0 701c98858c994f49d828cfa1434344e37ae50a74 5048d63c92ea2a8ccdb1a5a25ac19b2a423ca09d
Advisory v5 says:

> Despite this value, please note that this attack requires:
> * that the connection not be encrypted, only signed
> * that an active attacker obtains a plaintext value of the packet
> * and can find another plaintext value with the same MD5 checksum and
> replace it undetected.

This makes a practical attack seem both more likely than it actually is (since almost all signed-only protocols make it easy to obtain a plaintext) and less likely (since MD5 is not currently known to be vulnerable to any second preimage attacks). The attack requires that a Kerberos-using protocol includes a signing oracle.
Created attachment 17704 [details] CVE-2022-37966-avoid-arcfour-sessions-v6-ready.txt
Created attachment 17706 [details] CVE-2022-37966-avoid-arcfour-sessions-v7-ready.txt
This bug was referenced in samba v4-15-stable (Release samba-4.15.13): 2be27ec1d7f3bfcdcac65bca1db53772535fe7bf 2ea3f2db8087e0a2c4a18c633b039c722cb6f829 900c6e2268dbd2625e679af1550d4874247cd1b1 d09d8f995c9a12a0c96aecdbc9f6dac4f5864890 86834042a187e7ef0c805b4a2fbe4d63b6437794 8f40d9b7dd280920dbbd41614a48eac918e2bcc8 25402db19b95d6ce74faa252dbc4b7d86c0c1dbd 0fe0643e0b7c283a4e49ae4be772fa6a83fe978d 6f94a270722594b521cbef6387b440759e2cb3ac 4543bd706e53844f0585aaa48a574bf8fe2050de 097fa693ded841cf81ffaf143f3501aa1ff45892 30202568a181966ea7c56a33dad5e4942e524b75 e2ac180984e36f54999e970eafb0f05ed90b0fd4 e24512a20ae479ee1dce33d9e3587cc1e58ff4c2 b4be18abf9b9f7ee3361a8a2841f8e700440ce42 92763515d9f0bb8ed56c721d752db1fb7a268407 07edcef7463103ebb9d3eb6e25c945c1abf1e5d2 fed97f46265834f53a895de2460d01321b6f32a7 4650ce1fa5ce1f1da46829bd95bffbb748ed90ca 1daea832104e46cfc4ea9700024bda35271a7672 36d5770585ab3abfe1a17f78709728805482388c 1c06e8b08ca3d8adecd044919758e949f50de7c7 0ad597673246af62c88453236d1eab731368ad08 84c28b05a0a590a0edea616cd0f267e2be44d0a0 c273cb75625c144fc31ede19dcf3c301e209c371 cc6196fa005187c93486a83348b1d69a94219b1e 33e5f0b4a44c0d8231b4176a881cd7279dbe9292 eefa55320558ce8da7fb9d90038c2f778487da44 590228fd72f66412a8188b3b09d2d71e91b0d568 701b2650d1b47adac55f948c4e055d5ecc52e1da a7e2f5d32e59758ca714e292e3aa0e51821a9d43 a4deabde39e0219945d0725ee5c1a79591e8fd2d 5127bcfded4c242776bdcc42e8fb5296362d017d c0a367ad02a7384013389c0b1feabf77a48ac659 6db1a9a9648980de2257bb8034838323cd6b84ef c23c17a8d7546df897654c4205d421de98c0598b ece27efe594372748c625b7c60c7461b9f39cd67 ac6563e70ade2152a82e56f0b0ff2c43af084946 153e4a391420f1d492d7af3a3cfb71dabf98e08f 5f9e13ce20a0bd9f80820f1d1afedfee035ba0e2 716149ed2bcc2e67eb598cbb5f77e6240f8d155e f644fc69971c776102f0b60fe184134a413d13e1 8b8835b09fa45c0cd3aba5d5aa504fcfd290386f 527a164b410f87c6f2a9b508d8261214819f8ef3 0d7dc04404dee3f1ddce219f3ed1db736716eef7 eed3d6a3962e8e9d7076486679fedc9e0ec93acb 91a030cbf5862c7ea77d4aa5961f582a28875ef2 
1db952fab82eddf0d4100080a64da33786f7c882 a1e91681158d24c453cd23ab9f8760189e7de813 9049c5442aaeccba6e9e68f230679349fa38217a c768a27bc13fff024db18f2101680d15c2268743 25d881189032a8563931fce116eba02556101f7b d6b9e8b33978a1b85b487e8363476a3356af893d 1815d339417261605820cb17f240c75fae01289a ee9ffe50e99d2778d0d17fb65d6b27911d211f91 693a247d3b270677ec6f42189002c647a1e20e19 34fc0da78699827674245ea5f00282107054ba9c 18996e9971224210aa50cff9796c805dc594c296 89b1c78b520f32e54e8a025511908b06158deef0 48d6042dddff6790a87039a095ae7489e3596bf2 d1cfdcf3a3dd44be993f3c543eaf65c53ecdf7a9
This bug was referenced in samba v4-17-stable (Release samba-4.17.4): 523f9aa70a88ca49a9165b0f72df48592f365fd5 9166254b4bb57cfe9fce5df7dc0e0a273c8c64bb c5eda69a10b20c7a9ec09dd75d74dbf2c18d49e6 fea5bde53c41b07ae0fb15f4af0f0bab7f376a46 d08d54c944def6b3b9d25b3f05e84b67b651f2f6 9fa6585a4cc0f42bccfd28319e80d984d6839d86 362de0199e3ab61ba5df2ddc99809036d5589d5d 91dcb8d0442d15d4c946d13ee240852a0a9cb8fc 4870b9c8e57098af66120762e6ba05905bbc6760 649854b0fad3903723ec8ff3596895a8d8a783b6 15835e21e846b8668701ee832c1e1b6a9df3d7f4 6ff9fc58cd3a4cea1cf2c565e0060427c6e9af77 3d276a19e301ef126da59045b654fffea28a6d82 ac8a4665a8d4c61cae7f830648f2859319653e79 350a2e5fda56eea26a5a238272df8d46f19ccf84 42150ff93bad105f74d867ef1a4683d90f3bb1a3 d8cef2fa342394b20e11d66d03bdf4790523a3ef 123b3c056af8dc3e024e22e49be6d8dd54b29b49 64bfe0ef7868b23e12f465ca9a37f8a8ee161a70 3d85ff9dd5760168618d8f338a154b25e7605b52 82f3c2876a80fa58425db3ee0ab15900680fe0ba 5f8854208d7fe93cb128376d7df88b3723a3bd6a 4ad0303ece5390e5ed73b6863fef51f88ebaca00 425dc5a2a09421b09ae634fe8b51e0ca1b0544f1 91680bf61f5067bf5b3b9eb2ec811be5b676e6ad d022b9fa3ae3b7284393f96afb0faddc0526e5ab b10529349fb41842a49f1942bdda65a9ef72b47a e2e29876b69397c02ba480b17f53204a78d458ff c894010ae87aa496b8380798ee270f1b5f69f54e edccbf1a637fc437a358ab49800ec7cdbcba9768 8b9e670c5ce4e3dd70736e49ea0b22c122cdd298 96fcd2b2b1f7933ccc5f42701c818365b59d2932 e741eac059fb07b2e421c6b181175c985659004f ceda758dd731b7d18ffa40cb32a960bf44fb30fa 42c12b8c36d6466cae5197b84650a27944e059cd d7efa582a41082d87c844461342e1f9e3ca932a3 bf27c7ba92e6a15456cfe4915bbce423fdd2fbe7 9c106afa804aa6d3380869f70e3bf7057dab43c4 bf633c58114ddf9f9e3a729e623e9bd421dee322 6a4531ad9fb1425c2d3246dcb505d3db08c0325a 0f63356c8bb0216b64947ddb7f80bba70492fb54 d1b65794c8c9ef62912a8bcbebe38651fb71adf2 afc05bec7ec0ab38bebc3e0a8afb105ae10eafef c642bd9f2e98c9fbfe8d3f71def94fd1e76b65f0 8273935239846045477f99f7dd655d9d37c8c43e 2d1f56c67e604288939f1dba0d8b338fbaedd5a9 91be2dbb30501dc82d942c92d637ffc55518f174 
428aa9b001db5c0f56a519eaeb884616a2f88073 17db57685f6cbdb410742045b43aee174193ff4e dd4832f10a734589f853a95aca6d724644d001c0 701c98858c994f49d828cfa1434344e37ae50a74 5048d63c92ea2a8ccdb1a5a25ac19b2a423ca09d
This bug was referenced in samba v4-16-stable (Release samba-4.16.8): 3dec660ae2bd1067ea2314917197f44aedef9ba3 0fee9c469c08538c6eb4c07cc0b127033f6c1c80 130c4877b3870c660635750d08849e2a2d7d5673 a89385f2ab705d9cdcd7acebd3388da0d4c399c0 397a390aa86b83ef46126d3df7335a6f4c7d7845 a65fc1fa476a45de402d6127b4ce5a26e761508f 05206c09237e3437e521808c9fa828ea6a8248b4 12e4e94853fd5b9a614dc0a6fb62acbe93f83be1 91b74c701acd7e64a1aa1119782305d2132adc31 2408d405d31274a97b67baf04a36d58e50341050 cc2bea27a640b43c4eed5846fb1bbd3e5ad5d0ad 9ed5a352ca1707ba0cb06bfa785f0e8d5049666d 8d208ab0616068ed1272d81e968d8f3d33953ca6 a9c836d0442b60a3b5dbc3ddbedf6f866e633e79 4c2dc48598dda4bf0d5a166ed3d05ab7b4a3abfb 545c20fd321f8eb5feebd11c825942755b374fdc 31543f2902e64ddc999670cfe4a4f0513159a547 b8996509387b76f118577821a132542a9a7cb549 71fcd5366a0971b982cb553d442bcb11f71f9ace f29efb011f62a94d4cd6de4aca8722f743008f78 da9da918f7510a1b8120479b8ec505b6b2397e93 c13c60ffbf7f86011594268cc48a1f9f1991f664 001ed425ea19b42cb815be71188d49209bfddbd7 8842d0197d1055d35516c293192fc9c5121b46b7 911750da81abc99ee57bcb0d6129fec85bf6b761 836646d4a02028a96b9974ddf7c36c6d54f25f45 c0bbcc442b8725a9c2b6352514df80c4c0d71dae 0c7af9838fecf1bb900029876496a8a7517bd3a9 b220162824537232ec87cf2194966d590c2165b7 3e4a521a2aaa9da223132ad97f7052460d951a9d f8839f39f0a7e344c5b46d1e952bf4c7dc5017a6 1d2318ec326f3e530de1d9baf8c4ba3c80603f82 052cfe5a4a1a02bcad0fce53e8e4a1002aa787fd 679904dc0dfd187704a1fe2b9d9fb1b498773516 ec1a2225a0f73f81c46530203775fd5ac703858a b40b03d0601394cc3a8e7923229aa8d53b2d815f f11edc1741ea584552e608947cc08956c67cbf9e 55476d01ffcc8115d4170e2b0b2cc8252d0227a7 dd69e432ee80317b691f92a7515917cfda894488 3ea9946f652a04373f3a51597aae4aa24c912eb0 b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab aeb7c646bb03d468f2cc167153dd54d79848cabb f4dc5721be379b292bcc175e35c49bc6dee82b73 8e6d2953ba1ac44a2395cbcdd202a4f38ee16c98 c8afae7869a8aa53da90bf1748eb8ce2e8d763aa 906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6 e7d3998bcc8dd4bae40ce5c5854d8c1a39c92809 
be57176c3abd01635859e3d3195c3afc091610db 4477651a0de470f826cc548b78feb14305a6ba2b cdc71cfd273fed0d7907f05897a77335dee374e1 160e566d59011cfc9e5002f306314f1e9a37371b d5a8e41313d6645898bca3771131da92860b715b