Bug 15240 (CVE-2022-38023) - CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON
Summary: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on...
Status: RESOLVED FIXED
Alias: CVE-2022-38023
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.17.1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on: 15241
Blocks: 15238
  Show dependency treegraph
 
Reported: 2022-11-14 18:56 UTC by Andrew Bartlett
Modified: 2023-02-16 16:37 UTC (History)
6 users (show)

See Also:

Attachments
Initial advisory without versions or CVE number (2.84 KB, text/plain)
2022-11-14 20:19 UTC, Andrew Bartlett 		no flags Details
Advisory v2 (4.58 KB, text/plain)
2022-12-01 02:09 UTC, Andrew Bartlett 		slow: review-
Details
Advisory v3 (5.18 KB, text/plain)
2022-12-12 23:22 UTC, Andrew Bartlett 		no flags Details
bfixes-CVE-2022-38023-v4-17.txt (163.23 KB, text/plain)
2022-12-13 23:32 UTC, Stefan Metzmacher 		metze: review? (abartlet)
bbaumbach: review+
metze: ci-passed+
Details
bfixes-CVE-2022-38023-v4-16.txt (163.25 KB, text/plain)
2022-12-13 23:33 UTC, Stefan Metzmacher 		metze: review? (abartlet)
bbaumbach: review+
metze: ci-passed+
Details
bfixes-CVE-2022-38023-v4-15.txt (162.57 KB, text/plain)
2022-12-13 23:34 UTC, Stefan Metzmacher 		no flags Details
bfixes-CVE-2022-38023-v4-15.txt (160.40 KB, text/plain)
2022-12-13 23:55 UTC, Stefan Metzmacher 		metze: review? (abartlet)
bbaumbach: review+
metze: ci-passed+
Details
CVE-2022-38023-RejectMd5Clients-v4-ready.txt (6.99 KB, text/plain)
2022-12-15 13:57 UTC, Stefan Metzmacher 		slow: review+
Details
Patch for S3 netlogon server (v4.17) (80.64 KB, patch)
2023-01-12 09:39 UTC, Samuel Cabrero 		asn: review+
scabrero: ci-passed+
Details
Patch for S3 netlogon server (v4.16) (80.63 KB, patch)
2023-01-12 09:44 UTC, Samuel Cabrero 		asn: review+
scabrero: ci-passed+
Details
Patch for S3 netlogon server (v4.15) (80.44 KB, patch)
2023-01-12 09:45 UTC, Samuel Cabrero 		asn: review+
scabrero: ci-passed+
Details
Backport for v4-11-test (208.24 KB, patch)
2023-01-19 10:52 UTC, Samuel Cabrero 		asn: review+
Details
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2022-11-14 18:56:13 UTC 
If, as we are assuming for Bug 15237 / CVE-2022-3938, arcfour-hmac-md5 cryptography in Kerberos is weak, then it follows that the RC4 mode in the NETLOGON Secure Channel (DCE/RPC bulk encryption) is also weak, as they are the same cipher (essentially). 

Therefore we must disabled this cipher, unused by modern member servers by default.

We do this by setting 'reject md5 clients = yes' and 'reject md5 servers = yes' by default.
Comment 1 Andrew Bartlett 2022-11-14 20:19:57 UTC 
Created attachment 17652 [details]
Initial advisory without versions or CVE number
Comment 2 Andrew Bartlett 2022-11-18 19:09:16 UTC 
It is clearer in the old Samba 4.0 code where the routines are the old MD5Update() etc, but signing mode in NETLOGON Schannel is bare MD5 based, just like rc4-hmac.

Now the samba master code is
 gnutls_hash(hash_hnd, data, length);
followed by
 gnutls_hmac_fast(GNUTLS_MAC_MD5,...

It is this pre-MD5 that is the problem, because an attack can create a duplicate message with the same MD5 but with a different action (a pre-image), which will then be authenticated by the HMAC-MD5 step. 

(This specific detail embargoed until 8 Dec 2022 at reporters request).
Comment 3 Andrew Bartlett 2022-12-01 00:33:10 UTC 
We need to put in the advisory a specific note about NetApp devices so folks check on these in particular, as per this advice it looks like RC4/HMAC-MD5 is the only mode supported:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Microsoft_Security_Advisory%3A_CVE-2020-1472_impact_on_NetApp_appliance_running_CIFS_NFS_utilizing_Netlogon_servers

We should also point out what audit logs lines to watch for to passively audit an existing installation prior to the upgrade.
Comment 4 Andrew Bartlett 2022-12-01 02:09:38 UTC 
Created attachment 17671 [details]
Advisory v2

This needs checking, but is much closer to what is needed.  The audit logs will help some installations check things without having to break services so I've included examples of a RC4 and AES ServerAuthenticate call and called out NetApp as a service to check carefully.
Comment 5 Ralph Böhme 2022-12-02 15:23:20 UTC 
Comment on attachment 17671 [details]
Advisory v2

One typo: s/aslo/also/. Otherwise looks good!
Comment 6 Andrew Bartlett 2022-12-12 20:58:24 UTC 
Opening these bugs to the public, and the core issue that triggered this is now described in a BlackHat Europe Presentation by Tom Tervoort, Principal Security Specialist at Secura.
Comment 7 Andrew Bartlett 2022-12-12 21:01:25 UTC 
Removing the embargo tag as the code and now a clear description is now public.
Comment 8 Andrew Bartlett 2022-12-12 23:22:01 UTC 
Created attachment 17684 [details]
Advisory v3
Comment 9 Samba QA Contact 2022-12-13 14:07:37 UTC 
This bug was referenced in samba master:

8ec62694a94c346e6ba8f3144a417c9984a1c8b9
830e865ba5648f6520bc552ffd71b61f754b8251
992f39a2c8a58301ceeb965f401e29cd64c5a209
7e7adf86e59e8a673fbe87de46cef0d62221e800
1fdf1d55a5dd550bdb16d037b5dc995c33c1a67a
d60828f6391307a59abaa02b72b6a8acf66b2fef
1c6c1129905d0c7a60018e7bf0f17a0fd198a584
e060ea5b3edbe3cba492062c9605f88fae212ee0
7baabbe9819cd5a2714e7ea4e57a0c23062c0150
0e6a2ba83ef1be3c6a0f5514c21395121621a145
ec62151a2fb49ecbeaa3bf924f49a956832b735e
16ee03efc194d9c1c2c746f63236b977a419918d
63c96ea6c02981795e67336401143f2a8836992c
cfd55a22cda113fbb2bfa373b54091dde1ea6e66
b6339fd1dcbe903e73efeea074ab0bd04ef83561
4c7f84798acd1e3218209d66d1a92e9f42954d51
c8e53394b98b128ed460a6111faf05dfbad980d1
b09f51eefc311bbb1525efd1dc7b9a837f7ec3c2
69b36541606d7064de9648cd54b35adfdf8f0e8f
bd429d025981b445bf63935063e8e302bfab3f9b
2ad302b42254e3c2800aaf11669fe2e6d55fa8a1
43df4be35950f491864ae8ada05d51b42a556381
7ae3735810c2db32fa50f309f8af3c76ffa29768
f43dc4f0bd60d4e127b714565147f82435aa4f07
689507457f5e6666488732f91a355a2183fb1662
7732a4b0bde1d9f98a0371f17d22648495329470
3c57608e1109c1d6e8bb8fbad2ef0b5d79d00e1a
4d540473c3d43d048a30dd63efaeae9ff87b2aeb
Comment 10 Stefan Metzmacher 2022-12-13 14:48:56 UTC 
(In reply to Samba QA Contact from comment #9)


Sorry it seems

b3ed90a0541a271a7c6d4bee1201fa47adc3c0c1
f964c0c357214637f80d0089723b9b11d1b38f7e

got the bug url wrong 15260 instead of 15240.
Comment 11 Stefan Metzmacher 2022-12-13 23:32:49 UTC 
Created attachment 17692 [details]
bfixes-CVE-2022-38023-v4-17.txt
Comment 12 Stefan Metzmacher 2022-12-13 23:33:31 UTC 
Created attachment 17693 [details]
bfixes-CVE-2022-38023-v4-16.txt
Comment 13 Stefan Metzmacher 2022-12-13 23:34:07 UTC 
Created attachment 17694 [details]
bfixes-CVE-2022-38023-v4-15.txt
Comment 14 Stefan Metzmacher 2022-12-13 23:55:44 UTC 
Created attachment 17698 [details]
bfixes-CVE-2022-38023-v4-15.txt

This should build as lpcfg_weak_crypto() is not available in 4.15
Comment 16 Samba QA Contact 2022-12-14 10:32:03 UTC 
This bug was referenced in samba v4-15-test:

1040fa4c23509234af5ca5bf4c190c80183d39b4
ddafd6dc7706e74e74ce96039ac8006b9b2e05ad
deffd8ea00fecbbf61c4a26279176fe0ae3fe438
ae1f4644245237fe76bb162af8e95c42903e4eca
4dc0b8d0a89b0aea865f8508ca3f0d68f50c6f12
f1cb8950583c12eaa5cbe907d0b16923f7187541
18bcf0b6496d4ed9d76d23f82674935bd275dc3b
de121d6c613c6e83e49f2622391d1705077646a4
9669a41693b8da410cf57e21f2de7c7e6e4c4235
b9269801ed6bc034da924cdedd0b6a2938a1379f
643b4c1b95e40e46af14afa60aa42b0fcf1cf446
e02e8ad46b02a4c16f575b6371eea8ea66dee067
0be35930722530e5befa16a65a16232393258057
90f06ad6d7d00fc51a2d64557cf58739fef851c1
33a814d745c0c2dd4e49582fbee892471620bfcd
ade168df393064dd25a6e540e06332dcd1803297
5154471bca2162c14c91ebd02148be521e333817
a0c68f4caaa0771dcde074906956335c9e458bdf
4cb1e57caaf537c760de95a4a4e300ff8c711dfe
b7f0e7f2ccc9c07b2daa0dc6d66ea117108e9a4f
ba1482a18a807a5db4d1bd84640a0d5d83fcd9c3
08b69ca61f747a74c5a6634d25ce35e43e145ecd
57986cad714cc2f738c7482208204ed4e18b1f19
2b0dc83e0642f7b1f41b6184fb6e20320cd96b63
dba546dbfa5dcaa22ed828c2f5b7fa9c8cb6242e
15792b4035d520ad5a0bf4888fa5d6bedb8937aa
93e4e50d250a85c9b0308c3f899ab00f47f427df
28ac3faa51c66b005a90c527393fa7c2d43d4c31
d10dfa85819750f4665dc5fa974f35ce7871acf8
Comment 17 Stefan Metzmacher 2022-12-14 10:33:28 UTC 
Pushed to autobuild-v4-{16,17}-test
Comment 18 Samba QA Contact 2022-12-14 11:34:54 UTC 
This bug was referenced in samba v4-16-test:

af08dd3e25a660c3bb4427f4dc3cd847cc083112
421398ce5ebd9c031ae2c3333d8119d39f616feb
b0dbc395510a90f47d306eab7ff91ad95ccf6268
1fe8857b4d90809ff5b160c73e3d2c28acd3ce65
8a7df0920b76c1a8887200b99e032cc4cb3fc9db
a2388a06cba159ef51af12e69682c6651b836783
08e2a933933a3044914c95be1667b3072436ceed
2139565c2fe0f928ed15393d2b8216392b04f36b
a5996700aded774bcaf61c48af900b8f8d5bb112
0c32166174b36af5a31758dafe88820ff03b9aa9
88018634c78b589185e877e6d7e4f10894c32a0b
82af786a36bd070f1191e6040a65a46893d10b3a
066dafb07a1ee96af75677a1b4c25f8f4a28e0dd
3f4c9c13b1fe79351537fa064f9b39f6cd6f68b1
35ff1221013b5bce7901ebd2bd5ba0089a058de2
852763adc2211347f105cc181ca8abfd79490073
bc78864cb5ff3d37c4efe59888f6150671fc0897
c25546926f57b66c9b19c8a0fca8a40e85aa400a
d2dc3622d4522cbc224fcae384475bf7430988cf
3075f65e5d5e440bcb7b0721e603fe174b764827
80d0238679fb6c0e7df96a8f628f8d4696e8190c
729e905776c5a90e6d4a4855fb82300125a65fd4
3f7cd285b79a113cacec0309fce9bfb303c0f417
abba8c4579f41f267d9b48d2adaac2b5228edcb0
9f809e2dd39e9f5dce5454fb64dd0472ebcb2e10
d04da3d7008d7bcd55eff70400d5834342925013
1d9c939ebaa711aba3f58860f2091b7b96e76690
03730459feb0a86e6a56c29af2af6fb4e516d587
587ff282a9d087e659ac507347694e0e488bfa32
c09df344f0e37d48768ec606cbeb25b0f6250a24
Comment 19 Samba QA Contact 2022-12-14 12:41:45 UTC 
This bug was referenced in samba v4-17-test:

121c471b5ee0c63a2882f7442616b761f19c5292
810b57b19dd464a7cad163e127e7428bd782e68d
d39c37292f937073cb7ccc35b96aaea31b06bd5d
285ecad0a84b97dc08cec50869d1bfb72ca1e347
6c7aa761f3b92105eac57da6a235ce5cd68f0bc4
ff5f2c81e97660d63ef000179db2a83917bf3ed0
15253c4da8850a0fd8b07fdebf3ee86c4538912e
b04f9cd924e935fdc65334b61ae68a72eea911ad
935664333165c57168f9e666c20b886f611dbc96
911874a95825e37746f8c0d0f6b8511a0115d6a2
a31898e1769fc42c9699a4e5d754be1df0628acd
4d143e92adf4c8ca5ababb4a934edd34bc0ad706
a656f2a3d66eed1a3f57077443b14f067bea18e7
84d5354026887f088c8bbf25d46738935105de56
07518e76dc941f2630842608d36ef76705f9fb20
eb1f1c375488e5803660a342c7ce9b80367d3dda
f69766398ef0526c7327f0b046c51320c5b9723a
c919351058b5c26476ed3f7093994f0f26c70e54
277bd2c6d312ce7ca348fd4071fe10ac18a0b4f7
2cb10f9648e82e5c407ab976e3e673c07451b1dd
1d2e938ab674e19e879987dccf778d584b65a6fb
f0cdff380b8265d43b16e4558e240448d9fca346
ff1c42ee45126824df6b4ec73f4aff8f91a406af
cf649bf27723eff5fe0de8fd77b9c6577eb7d4bb
de639278eb130ca899a457fd4004bc45eee2c809
65d8624cd2187f896b4edf2b917b505538837866
8f7d77ecb522146ab63c61136bd4e3d314511e72
e5e03583f194ec783f70d2a08c2fbd862e5be0e9
0d4f8c70446a7fe473d0aa5ed6579f418828a98f
f4d487bda5387ef5bb8a20f5e431d6f680b0c819
Comment 20 Stefan Metzmacher 2022-12-15 13:57:40 UTC 
Created attachment 17705 [details]
CVE-2022-38023-RejectMd5Clients-v4-ready.txt
Comment 21 Samba QA Contact 2022-12-15 16:31:17 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.13):

1040fa4c23509234af5ca5bf4c190c80183d39b4
ddafd6dc7706e74e74ce96039ac8006b9b2e05ad
deffd8ea00fecbbf61c4a26279176fe0ae3fe438
ae1f4644245237fe76bb162af8e95c42903e4eca
4dc0b8d0a89b0aea865f8508ca3f0d68f50c6f12
f1cb8950583c12eaa5cbe907d0b16923f7187541
18bcf0b6496d4ed9d76d23f82674935bd275dc3b
de121d6c613c6e83e49f2622391d1705077646a4
9669a41693b8da410cf57e21f2de7c7e6e4c4235
b9269801ed6bc034da924cdedd0b6a2938a1379f
643b4c1b95e40e46af14afa60aa42b0fcf1cf446
e02e8ad46b02a4c16f575b6371eea8ea66dee067
0be35930722530e5befa16a65a16232393258057
90f06ad6d7d00fc51a2d64557cf58739fef851c1
33a814d745c0c2dd4e49582fbee892471620bfcd
ade168df393064dd25a6e540e06332dcd1803297
5154471bca2162c14c91ebd02148be521e333817
a0c68f4caaa0771dcde074906956335c9e458bdf
4cb1e57caaf537c760de95a4a4e300ff8c711dfe
b7f0e7f2ccc9c07b2daa0dc6d66ea117108e9a4f
ba1482a18a807a5db4d1bd84640a0d5d83fcd9c3
08b69ca61f747a74c5a6634d25ce35e43e145ecd
57986cad714cc2f738c7482208204ed4e18b1f19
2b0dc83e0642f7b1f41b6184fb6e20320cd96b63
dba546dbfa5dcaa22ed828c2f5b7fa9c8cb6242e
15792b4035d520ad5a0bf4888fa5d6bedb8937aa
93e4e50d250a85c9b0308c3f899ab00f47f427df
28ac3faa51c66b005a90c527393fa7c2d43d4c31
d10dfa85819750f4665dc5fa974f35ce7871acf8
Comment 22 Samba QA Contact 2022-12-15 16:33:17 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.4):

121c471b5ee0c63a2882f7442616b761f19c5292
810b57b19dd464a7cad163e127e7428bd782e68d
d39c37292f937073cb7ccc35b96aaea31b06bd5d
285ecad0a84b97dc08cec50869d1bfb72ca1e347
6c7aa761f3b92105eac57da6a235ce5cd68f0bc4
ff5f2c81e97660d63ef000179db2a83917bf3ed0
15253c4da8850a0fd8b07fdebf3ee86c4538912e
b04f9cd924e935fdc65334b61ae68a72eea911ad
935664333165c57168f9e666c20b886f611dbc96
911874a95825e37746f8c0d0f6b8511a0115d6a2
a31898e1769fc42c9699a4e5d754be1df0628acd
4d143e92adf4c8ca5ababb4a934edd34bc0ad706
a656f2a3d66eed1a3f57077443b14f067bea18e7
84d5354026887f088c8bbf25d46738935105de56
07518e76dc941f2630842608d36ef76705f9fb20
eb1f1c375488e5803660a342c7ce9b80367d3dda
f69766398ef0526c7327f0b046c51320c5b9723a
c919351058b5c26476ed3f7093994f0f26c70e54
277bd2c6d312ce7ca348fd4071fe10ac18a0b4f7
2cb10f9648e82e5c407ab976e3e673c07451b1dd
1d2e938ab674e19e879987dccf778d584b65a6fb
f0cdff380b8265d43b16e4558e240448d9fca346
ff1c42ee45126824df6b4ec73f4aff8f91a406af
cf649bf27723eff5fe0de8fd77b9c6577eb7d4bb
de639278eb130ca899a457fd4004bc45eee2c809
65d8624cd2187f896b4edf2b917b505538837866
8f7d77ecb522146ab63c61136bd4e3d314511e72
e5e03583f194ec783f70d2a08c2fbd862e5be0e9
0d4f8c70446a7fe473d0aa5ed6579f418828a98f
f4d487bda5387ef5bb8a20f5e431d6f680b0c819
Comment 23 Samba QA Contact 2022-12-15 16:35:45 UTC 
This bug was referenced in samba v4-16-stable (Release samba-4.16.8):

af08dd3e25a660c3bb4427f4dc3cd847cc083112
421398ce5ebd9c031ae2c3333d8119d39f616feb
b0dbc395510a90f47d306eab7ff91ad95ccf6268
1fe8857b4d90809ff5b160c73e3d2c28acd3ce65
8a7df0920b76c1a8887200b99e032cc4cb3fc9db
a2388a06cba159ef51af12e69682c6651b836783
08e2a933933a3044914c95be1667b3072436ceed
2139565c2fe0f928ed15393d2b8216392b04f36b
a5996700aded774bcaf61c48af900b8f8d5bb112
0c32166174b36af5a31758dafe88820ff03b9aa9
88018634c78b589185e877e6d7e4f10894c32a0b
82af786a36bd070f1191e6040a65a46893d10b3a
066dafb07a1ee96af75677a1b4c25f8f4a28e0dd
3f4c9c13b1fe79351537fa064f9b39f6cd6f68b1
35ff1221013b5bce7901ebd2bd5ba0089a058de2
852763adc2211347f105cc181ca8abfd79490073
bc78864cb5ff3d37c4efe59888f6150671fc0897
c25546926f57b66c9b19c8a0fca8a40e85aa400a
d2dc3622d4522cbc224fcae384475bf7430988cf
3075f65e5d5e440bcb7b0721e603fe174b764827
80d0238679fb6c0e7df96a8f628f8d4696e8190c
729e905776c5a90e6d4a4855fb82300125a65fd4
3f7cd285b79a113cacec0309fce9bfb303c0f417
abba8c4579f41f267d9b48d2adaac2b5228edcb0
9f809e2dd39e9f5dce5454fb64dd0472ebcb2e10
d04da3d7008d7bcd55eff70400d5834342925013
1d9c939ebaa711aba3f58860f2091b7b96e76690
03730459feb0a86e6a56c29af2af6fb4e516d587
587ff282a9d087e659ac507347694e0e488bfa32
c09df344f0e37d48768ec606cbeb25b0f6250a24
Comment 24 Samba QA Contact 2023-01-09 15:18:04 UTC 
This bug was referenced in samba master:

8141eae47aad849741beb138fae866c772e4ec4c
3cd18690f83d2f85e847fc703ac127b4b04189fc
d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b
121e7b0e39478c5291100652ac92c263f406076b
25300d354c80995997d552581cd91dddaf4bbf48
ca07f4340ce58a7e940a1123888b7409176412f7
a0b97e262318dc56fe663da89b0ee3172b2e7848
02fba22b8c9e9b33ab430555ef45500c45eaa9d1
56837f3d3169a02d0d92bd085d9c8250415ce29b
Comment 25 Samuel Cabrero 2023-01-12 09:39:27 UTC 
Created attachment 17726 [details]
Patch for S3 netlogon server (v4.17)
Comment 26 Samuel Cabrero 2023-01-12 09:44:51 UTC 
Created attachment 17727 [details]
Patch for S3 netlogon server (v4.16)
Comment 27 Samuel Cabrero 2023-01-12 09:45:56 UTC 
Created attachment 17728 [details]
Patch for S3 netlogon server (v4.15)
Comment 29 Andreas Schneider 2023-01-13 17:29:42 UTC 
Jule, we have additional patches we need for the branches. Can you please apply them?
Comment 30 Samuel Cabrero 2023-01-19 10:52:06 UTC 
Created attachment 17736 [details]
Backport for v4-11-test

Pipeline: https://gitlab.com/scabrero/samba/-/pipelines/751712796
Comment 31 Jule Anger 2023-01-23 09:05:39 UTC 
Pushed to autobuild-v4-{17,16,15}-test.
Comment 32 Samba QA Contact 2023-01-23 10:02:04 UTC 
This bug was referenced in samba v4-15-test:

f79e03a9d95c5e003751023b1da701cff1a9b765
f82c786072aaf3fe8ecf6762f3c8f3ab6203d7e1
285e873b51fc5608d764b98269b8d3d85c2c7841
9d7732e8225d42974445c044a69b4615bfd7b301
4975adda2c9e44ee5dc7043e64949d93cfd18f84
431c730c6e773532dd2f9cace589a9028717d185
fea95d10a23c984872fd23e7ca49ff580ab3b125
1e6772da7ac1260581d6c5141c48f2be726c0160
07ba1038cdcb1e85b8fc687781e92c6c69d26a70
Comment 33 Samba QA Contact 2023-01-23 10:28:20 UTC 
This bug was referenced in samba v4-17-test:

5a49be37d88c176edeb109d22d38c900bfae41be
6d31e359fbfbb2d635c837184551bdd513e16a22
71185d09ef8f0057810307de5a04650b91e2d931
600a91f4bee7a19ec57e990d5673b289ff1455a5
de2e2045bbbd8f2fdddfa4471f6c4b0b4b01368a
03a65b246b57645993887a087d6d8349aec7a4e1
67cdc5dec01e48d33c8284c17c9b230073397959
d737d6b8e2c74542cffa6d7549803dca1d1230c2
0b3fab18954c9968159beee35b118fe12297c756
Comment 34 Samba QA Contact 2023-01-23 11:00:15 UTC 
This bug was referenced in samba v4-16-test:

cc787d0becb06fb0aac01c8464f6b53188385aea
71b22920a6c4118d3bc62d1582bdeab33f9e5656
538dcc38faab4dd6f4568022ebb0b3d92d1c6f33
0d27e4b4598b1d8f3cb8852c2104d201aacebac1
080ff2cd28481f39552571c30b23ec3d08811b7b
7f4f9a3277b28b85c5d280775f9f3571c77f1c07
55900577757019bbdf16128cf0d7cee356770247
3e7bbe047fef8e5f907d1b3725f1d0d40996fbd1
02e56ac1bb5c97e10b57c76c0f14fc9b3b06779d
Comment 35 Jule Anger 2023-01-23 11:50:50 UTC 
Closing out bug report.

Thanks!
Comment 36 Samba QA Contact 2023-01-26 17:51:42 UTC 
This bug was referenced in samba v4-17-stable (Release samba-4.17.5):

5a49be37d88c176edeb109d22d38c900bfae41be
6d31e359fbfbb2d635c837184551bdd513e16a22
71185d09ef8f0057810307de5a04650b91e2d931
600a91f4bee7a19ec57e990d5673b289ff1455a5
de2e2045bbbd8f2fdddfa4471f6c4b0b4b01368a
03a65b246b57645993887a087d6d8349aec7a4e1
67cdc5dec01e48d33c8284c17c9b230073397959
d737d6b8e2c74542cffa6d7549803dca1d1230c2
0b3fab18954c9968159beee35b118fe12297c756
Comment 37 Samba QA Contact 2023-02-16 16:37:09 UTC 
This bug was referenced in samba v4-16-stable (Release samba-4.16.9):

cc787d0becb06fb0aac01c8464f6b53188385aea
71b22920a6c4118d3bc62d1582bdeab33f9e5656
538dcc38faab4dd6f4568022ebb0b3d92d1c6f33
0d27e4b4598b1d8f3cb8852c2104d201aacebac1
080ff2cd28481f39552571c30b23ec3d08811b7b
7f4f9a3277b28b85c5d280775f9f3571c77f1c07
55900577757019bbdf16128cf0d7cee356770247
3e7bbe047fef8e5f907d1b3725f1d0d40996fbd1
02e56ac1bb5c97e10b57c76c0f14fc9b3b06779d