Samba security updates: Attackers could change admin passwords


The free software suite Samba is affected by five security vulnerabilities. Security patches are available.

Attackers could target vulnerabilities in Samba in order to gain extensive access to systems. Updated versions remedy the situation.

Samba makes Windows functions such as file and print services available across platforms and can also act as a domain controller. Due to security problems in the handling of keys, attackers could change admin passwords, for example. It is also possible to provoke crashes.

The most dangerous is considered to be a vulnerability in the kpasswd service (CVE-2022-32744, “high”). Attackers could encrypt requests with their own key, and these requests are then accepted. This is said to make it possible to change the passwords of other users as well. If that happens to an admin account, it could result in a full domain takeover.

The remaining vulnerabilities are classified with the threat level “medium”. Attackers could use them for DoS attacks or to cause data leaks. The developers state that they have fixed the security problems in Samba 4.16.4, 4.15.9 and 4.14.14.

List sorted by threat level in descending order:

  • Samba AD users can forge password change requests for any user
  • Samba AD users can bypass certain restrictions associated with changing passwords
  • Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request
  • Samba AD users can crash the server process with an LDAP add or modify request
  • Server memory information leak via SMB1
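
To check a fleet against the fixed releases named above, the following added example (not code from the Samba project or from this article) classifies version strings such as the output of `smbd --version`. The host names and version strings in `SAMPLE` are constructed, and the status labels are this example's own.

```python
import re

# Fixed upstream releases named in the article, keyed by release branch.
FIXED = {(4, 16): 4, (4, 15): 9, (4, 14): 14}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(.*)")

def patch_status(version_text):
    """Classify one version string, e.g. the output of `smbd --version`.

    Returns (status, vendor_build). vendor_build is True when the string
    carries a distribution suffix; such packages may contain backported
    fixes, so the upstream number alone is not conclusive for them.
    """
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", False)
    major, minor, patch = (int(g) for g in m.groups()[:3])
    vendor_build = bool(m.group(4).strip())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        status = "unlisted-branch"  # the article names no fixed release for it
    elif patch >= fixed_patch:
        status = "patched"
    else:
        status = "below-fixed-release"
    return (status, vendor_build)

def triage(inventory):
    """Return host -> (status, vendor_build) and the hosts needing follow-up."""
    results = {host: patch_status(v) for host, v in inventory.items()}
    follow_up = sorted(h for h, (s, _) in results.items() if s != "patched")
    return results, follow_up

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "dc1": "Version 4.16.4",
    "dc2": "Version 4.15.8",
    "files1": "Version 4.14.14-Ubuntu",
    "files2": "2:4.13.13+dfsg-1~deb11u5",
    "print1": "samba not installed",
}

if __name__ == "__main__":
    results, follow_up = triage(SAMPLE)
    for host in sorted(results):
        print(host, *results[host])
    print("follow up:", ", ".join(follow_up))
```

Hosts reported as `unlisted-branch`, or flagged as a vendor build, need the distribution's own advisory to settle their patch state.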

Brian Adam