CVE-2022-32744 — Authentication Bypass by Spoofing in Samba

CWE-290 — Authentication Bypass by Spoofing8 documents7 sources

Severity

8.8HIGHNVD

OSV6.5

EPSS

0.5%

top 35.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Msrc Azl3 Samba 4.18.3-1 ON Azure Linux 3.0 +2 more

Timeline

PublishedAug 25

Latest updateAug 26

Description

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDsamba/samba4.3.0 — 4.14.14+2

▶debiandebian/samba< samba 2:4.16.4+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.13.13+dfsg-1~deb11u5+3

▶Ubuntusamba/samba< 2:4.13.17~dfsg-0ubuntu1.20.04.1+1

▶CVEListV5samba/sambaVersions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-6p44-5x7x-8vxj: A flaw was found in Samba↗2022-08-26

▶

OSV

CVE-2022-32744: A flaw was found in Samba↗2022-08-25

▶

OSV

samba vulnerabilities↗2022-08-01

▶

📋Vendor Advisories

Microsoft

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key a user can change other users' passwords enabling↗2022-08-09

▶

Ubuntu

Samba vulnerabilities↗2022-08-01

▶

Red Hat

samba: AD users can forge password change requests for any user↗2022-07-27

▶

Debian

CVE-2022-32744: samba - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any k...↗2022

▶