Bug 15237 (CVE-2022-37966) - CVE-2022-37966 [SECURITY] arcfour-hmac-md5 Kerberos session keys are weak, force aes256-cts-hmac-sha1-96 instead
Status: RESOLVED FIXED
Alias: CVE-2022-37966
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.17.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL: https://msrc.microsoft.com/update-gui...
Keywords:
Depends on: 15048 15219
Blocks: CVE-2022-45141 15238
Reported: 2022-11-11 01:31 UTC by Andrew Bartlett
Modified: 2022-12-19 06:29 UTC (History)
Attachments
Initial advisory without versions (3.95 KB, text/plain)
2022-11-14 02:52 UTC, Andrew Bartlett
Updated v2 advisory with MS CVE (3.93 KB, text/plain)
2022-11-15 21:48 UTC, Andrew Bartlett
Advisory v3 (4.58 KB, text/plain)
2022-12-12 23:42 UTC, Andrew Bartlett
Advisory v4 (4.63 KB, text/plain)
2022-12-12 23:53 UTC, Andrew Bartlett
Advisory v5 (4.72 KB, text/plain)
2022-12-13 02:50 UTC, Andrew Bartlett
bfixes-CVE-2022-37966+37967-v4-17.txt (depends on bfixes-CVE-2022-38023-v4-17.txt) (1.67 MB, text/plain)
2022-12-13 23:36 UTC, Stefan Metzmacher
abartlet: review+
abartlet: ci-passed+
bfixes-CVE-2022-37966+37967-v4-16.txt (depends on bfixes-CVE-2022-38023-v4-16.txt) (1.67 MB, text/plain)
2022-12-13 23:37 UTC, Stefan Metzmacher
abartlet: review+
abartlet: ci-passed+
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt) (1.70 MB, text/plain)
2022-12-13 23:37 UTC, Stefan Metzmacher
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt) (1.70 MB, text/plain)
2022-12-13 23:56 UTC, Stefan Metzmacher
abartlet: review+
abartlet: ci-passed+
CVE-2022-37966-avoid-arcfour-sessions-v6-ready.txt (5.57 KB, text/plain)
2022-12-15 13:56 UTC, Stefan Metzmacher
slow: review+
CVE-2022-37966-avoid-arcfour-sessions-v7-ready.txt (6.68 KB, text/plain)
2022-12-15 15:02 UTC, Jule Anger
slow: review+

Description Andrew Bartlett 2022-11-11 01:31:58 UTC
Microsoft has recently gone to some extraordinary lengths to stop using arcfour-hmac-md5 as a session key cipher, introducing a new assumption that AES256_CTS_HMAC_SHA1_96 is available in all deployed Kerberos clients and target servers, even if the ticket key is negotiated as arcfour-hmac-md5.

https://learn.microsoft.com/en-nz/openspecs/windows_protocols/ms-kile/6cfc7b50-11ed-4b4d-846d-6f08f0812919

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed

Samba as an AD DC needs to honour bit 0x20 in msDS-supportedEncryptionTypes as AES256_CTS_HMAC_SHA1_96_SK, and the session key negotiation in the KDC needs to follow the rule, if this is set, that (per dochelp):

> to indicate that if an insecure encryption algorithm is used, you must always use a secure algorithm for session keys instead.

We will treat this flag as banning the use of session keys deprecated in RFC 8429 (DES, DES3 and RC4).

Note in particular the new default declared at https://support.microsoft.com/en-us/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d so this becomes the default behaviour (non-default settings are to allow RC4 session keys, or permit AES).
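
A simplified model of the rule in the description above, as an added example that is not part of the original bug report and is not Samba's KDC code. It decodes msDS-supportedEncryptionTypes and shows which session key type results with and without bit 0x20; the function names, the sample accounts and the choice to follow the client's preference order are assumptions made for illustration.

```python
"""Simplified model of the AES256_CTS_HMAC_SHA1_96_SK rule (added example)."""
from typing import Iterable, List, Optional, Set, Tuple

# msDS-supportedEncryptionTypes bits (MS-KILE) -> (name, Kerberos etype number)
ENC_BITS = {
    0x01: ("des-cbc-crc", 1),
    0x02: ("des-cbc-md5", 3),
    0x04: ("arcfour-hmac-md5", 23),
    0x08: ("aes128-cts-hmac-sha1-96", 17),
    0x10: ("aes256-cts-hmac-sha1-96", 18),
}
AES256_SK_BIT = 0x20  # AES256_CTS_HMAC_SHA1_96_SK, the bit discussed in this bug
AES256_ETYPE = 18
DEPRECATED_ETYPES = {1, 3, 16, 23}  # DES, DES3 and RC4, deprecated by RFC 8429


def decode(value: int) -> List[str]:
    """Return the encryption type names set in the attribute value."""
    names = [name for bit, (name, _) in sorted(ENC_BITS.items()) if value & bit]
    if value & AES256_SK_BIT:
        names.append("aes256-cts-hmac-sha1-96-sk")
    return names


def session_key_etypes(value: int) -> Set[int]:
    """Etypes acceptable for the *session* key of a ticket to this account."""
    allowed = {etype for bit, (_, etype) in ENC_BITS.items() if value & bit}
    if value & AES256_SK_BIT:
        # The flag bans deprecated session keys and makes AES256 available
        # for the session key even when the ticket key itself stays RC4.
        allowed -= DEPRECATED_ETYPES
        allowed.add(AES256_ETYPE)
    return allowed


def pick_session_etype(value: int, client_etypes: Iterable[int]) -> Optional[int]:
    """First client-offered etype that is acceptable, or None if there is none.

    Assumption: the choice follows the client's preference order.
    """
    allowed = session_key_etypes(value)
    for etype in client_etypes:
        if etype in allowed:
            return etype
    return None


# Constructed sample data: (account, msDS-supportedEncryptionTypes, client etypes)
SAMPLE_ACCOUNTS: List[Tuple[str, int, List[int]]] = [
    ("legacy-svc$", 0x04, [18, 17, 23]),     # RC4 only, flag not set
    ("legacy-svc-sk$", 0x24, [18, 17, 23]),  # RC4 ticket key, AES256 session key
    ("fileserver$", 0x1C, [23, 18]),         # AES available but client prefers RC4
    ("fileserver-sk$", 0x3C, [23, 18]),      # same account with the flag set
]


def audit(accounts: Iterable[Tuple[str, int, List[int]]]) -> List[str]:
    """Names of accounts that would still receive a deprecated session key."""
    weak = []
    for name, value, client_etypes in accounts:
        if pick_session_etype(value, client_etypes) in DEPRECATED_ETYPES:
            weak.append(name)
    return weak


if __name__ == "__main__":
    for name, value, etypes in SAMPLE_ACCOUNTS:
        print(name, hex(value), decode(value), pick_session_etype(value, etypes))
    print("deprecated session keys:", audit(SAMPLE_ACCOUNTS))
```

A client that offers only RC4 to an account with the flag set gets `None` here, meaning no acceptable session key type is left in this model.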
Comment 1 Andrew Bartlett 2022-11-11 01:57:29 UTC
The KB article references "Authentication Negotiation", and this looks like a reference to SPNEGO.  By forcing an aes256-cts-hmac-sha1-96 session key, we go into the NEW_SPNEGO codepath, which has a MIC on the mechList.
Comment 2 Andrew Bartlett 2022-11-14 02:52:45 UTC
Created attachment 17648 [details]
Initial advisory without versions
Comment 3 Andrew Bartlett 2022-11-15 21:28:37 UTC
Removing Samba-only CVE. Red Hat points to CVE counting rules that say for the same issue in multiple products but following one specification, use one CVE, so we will use the MS one.
Comment 4 Andrew Bartlett 2022-11-15 21:48:37 UTC
Created attachment 17656 [details]
Updated v2 advisory with MS CVE
Comment 5 Samba QA Contact 2022-12-07 18:57:52 UTC
This bug was referenced in samba v4-15-test:

2be27ec1d7f3bfcdcac65bca1db53772535fe7bf
2ea3f2db8087e0a2c4a18c633b039c722cb6f829
Comment 6 Andrew Bartlett 2022-12-12 20:58:13 UTC
Opening these bugs to the public, and the core issue that triggered this is now described in a BlackHat Europe Presentation by Tom Tervoort, Principal Security Specialist at Secura.
Comment 7 Andrew Bartlett 2022-12-12 21:00:31 UTC
Removing the embargo tag as the code and a clear description are now public.
Comment 8 Andrew Bartlett 2022-12-12 23:42:27 UTC
Created attachment 17686 [details]
Advisory v3

Updated advisory now that the attack is public, with better guidance on the impact.
Comment 9 Andrew Bartlett 2022-12-12 23:53:49 UTC
Created attachment 17687 [details]
Advisory v4

Improved advisory with now public information on how the attack would be performed, and more correct information on the new -sk key type.
Comment 10 Andrew Bartlett 2022-12-13 02:50:21 UTC
Created attachment 17688 [details]
Advisory v5

Another version with more clarity; we need to make it clear that encrypted sessions are still secure.
Comment 11 Samba QA Contact 2022-12-13 14:07:29 UTC
This bug was referenced in samba master:

Comment 12 Stefan Metzmacher 2022-12-13 23:36:15 UTC
Created attachment 17695 [details]
bfixes-CVE-2022-37966+37967-v4-17.txt (depends on bfixes-CVE-2022-38023-v4-17.txt)
Comment 13 Stefan Metzmacher 2022-12-13 23:37:10 UTC
Created attachment 17696 [details]
bfixes-CVE-2022-37966+37967-v4-16.txt (depends on bfixes-CVE-2022-38023-v4-16.txt)
Comment 14 Stefan Metzmacher 2022-12-13 23:37:59 UTC
Created attachment 17697 [details]
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt)
Comment 15 Stefan Metzmacher 2022-12-13 23:56:47 UTC
Created attachment 17699 [details]
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt)

Rebased on the fixed bfixes-CVE-2022-38023-v4-15.txt
Comment 17 Andrew Bartlett 2022-12-14 07:02:47 UTC
I've directly inspected the 4.17 backport and also the inter-diff back to 4.15 and it looked reasonable.
Comment 18 Andrew Bartlett 2022-12-14 07:27:49 UTC
Comment on attachment 17699 [details]
bfixes-CVE-2022-37966+37967-v4-15.txt (depends on bfixes-CVE-2022-38023-v4-15.txt)

This looks good.  To prove I actually read it, I'll note this totally odd comment added to hdb.asn1:

+-- Just for convenience, for encoding this as TL data in lib/kadm5

This turns out to be a comment made upstream when the encryption type list was added for another purpose (and including it helps make the files a little more similar for the backport), but looks really strange in this commit.
Comment 19 Samba QA Contact 2022-12-14 10:32:19 UTC
This bug was referenced in samba v4-15-test:

Comment 20 Stefan Metzmacher 2022-12-14 10:34:02 UTC
Pushed to autobuild-v4-{16,17}-test
Comment 21 Samba QA Contact 2022-12-14 11:34:46 UTC
This bug was referenced in samba v4-16-test:

Comment 22 Samba QA Contact 2022-12-14 12:41:37 UTC
This bug was referenced in samba v4-17-test:

Comment 23 Greg Hudson 2022-12-14 18:18:50 UTC
Advisory v5 says:

> Despite this value, please note that this attack requires:
>  * that the connection not be encrypted, only signed
>  * that an active attacker obtains a plaintext value of the packet
>  * and can find another plaintext value with the same MD5 checksum and
>    replace it undetected.

This makes a practical attack seem both more likely than it actually is (since almost all signed-only protocols make it easy to obtain a plaintext) and less likely (since MD5 is not currently known to be vulnerable to any second preimage attacks).

The attack requires that a Kerberos-using protocol includes a signing oracle.
Comment 24 Stefan Metzmacher 2022-12-15 13:56:07 UTC
Created attachment 17704 [details]
CVE-2022-37966-avoid-arcfour-sessions-v6-ready.txt
Comment 25 Jule Anger 2022-12-15 15:02:52 UTC
Created attachment 17706 [details]
CVE-2022-37966-avoid-arcfour-sessions-v7-ready.txt
Comment 26 Samba QA Contact 2022-12-15 16:31:41 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.13):

Comment 27 Samba QA Contact 2022-12-15 16:34:05 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.4):

Comment 28 Samba QA Contact 2022-12-15 16:35:27 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.8):
