Samba Fixed Vulnerabilities That Allow for Full Domain Takeover

Samba has released several security patches addressing 5 vulnerabilities with a CVSS base score between 8.8 and 4.3. Each of these vulnerabilities affects a number of different versions of Samba and may lead to elevation of privileges, account takeovers, loss of availability, confidentiality, and integrity, corrupted log output, and even full domain takeover.

The most severe vulnerability, with a base score of 8.8, causes the KDC to accept kpasswd requests encrypted with any key known to it. This would allow a user to change the passwords of other users by encrypting forged kpasswd requests with their own key. This could deny users access to their accounts as well as allow an attacker to gain full control of the domain by changing the password of an administrator.

You can find more details on all 5 vulnerabilities listed below.

Update Vulnerable Samba Installations

All affected releases are listed in Samba's security advisories, which can be accessed, along with the patches addressing the issues, via their Security Releases page. Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued to fix these vulnerabilities. Users are advised to upgrade to these releases or apply the patches as soon as possible.

Discover Vulnerable Devices

Samba's security advisories list all affected versions, as well as the version numbers that contain the new fixes. We've used this information to create a special Lansweeper report that will provide a list of all devices in your environment that could be affected by the vulnerabilities. This way you have an actionable list of devices that might require a patch or update.
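
A minimal triage of reported Samba version strings against the three fixed releases named above, as an added example (not Lansweeper's report and not Samba's own code). The hostnames, version strings, and status labels are constructed for illustration; branches this page does not name are routed to the advisory rather than guessed.

```python
import re
from collections import defaultdict

# Fixed releases named on this page: branch (major, minor) -> first fixed patch level.
FIXED = {(4, 16): 4, (4, 15): 9, (4, 14): 14}

# Upstream x.y.z, optionally followed by a packaging suffix such as -Ubuntu or -10.el8.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-+~](\S+))?")

def classify(version_string):
    """Map one reported version string to a (status, detail) pair."""
    m = VERSION_RE.search(version_string)
    if not m:
        return ("unparsed", version_string.strip())
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    branch = (major, minor)
    if branch not in FIXED:
        # The page names only three fixed releases; do not guess for other branches.
        return ("check-advisory", f"{major}.{minor}.x is not a branch named here")
    fixed = f"{major}.{minor}.{FIXED[branch]}"
    if patch >= FIXED[branch]:  # numeric compare: 4.14.9 < 4.14.14
        return ("at-or-above-fixed", f"fixed release is {fixed}")
    if m.group(4):
        # Packaged builds may carry backported patches under an older version number.
        return ("verify-backport", f"below {fixed}; confirm with the package vendor")
    return ("needs-update", f"upgrade to {fixed} or apply the patches")

def triage(inventory):
    """Group hosts by status so the update list can be worked in priority order."""
    groups = defaultdict(list)
    for host, reported in sorted(inventory.items()):
        status, detail = classify(reported)
        groups[status].append((host, detail))
    return dict(groups)

# Constructed sample inventory (hostnames and version strings are illustrative).
SAMPLE = {
    "dc01": "Version 4.15.8",
    "dc02": "Version 4.16.4",
    "files01": "Version 4.14.9",
    "files02": "4.15.5-Ubuntu",
    "nas01": "Version 4.13.17-Debian",
    "print01": "smbd not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        for host, detail in hosts:
            print(f"{status:18} {host:8} {detail}")
```

A version string alone cannot confirm patch status on distribution packages, which is why suffixed builds below the fixed release are flagged for vendor confirmation instead of being marked vulnerable.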

Samba August 2022 CVE Codes & Descriptions

| CVE ID | Description | Base Score |
|---|---|---|
| CVE-2022-32744 | The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change the passwords of other users, enabling full domain takeover. | 8.8 |
| CVE-2022-2031 | The KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. | 5.4 |
| CVE-2022-32745 | Samba AD users can cause the server to access uninitialised data with an LDAP add or modify request, usually resulting in a segmentation fault. | 5.4 |
| CVE-2022-32746 | The AD DC database audit logging module can be made to access LDAP message values that have been freed by a preceding database module, resulting in a use-after-free. This is only possible when modifying certain privileged attributes, such as userAccountControl. | 5.4 |
| CVE-2022-32742 | An SMB1 client with write access to a share can cause server memory contents to be written into a file or printer. | 4.3 |