Kerberos and RPC Elevation of Privilege Vulnerabilities
Users of a Samba server configured as an Active Directory domain controller affected by elevation of privilege vulnerabilities
Summary
This vulnerability applies to functionality when the system is acting as an Active Directory domain controller. No Buffalo NAS products use this functionality, and so no Buffalo sytems are affected by this vulnerability. The Kerberos implementation in Samba is essentially identical to the Windows implementation where this vulnerability is concerned, so while this issue was initially reported by Microsoft, it is assumed that Linux implementations of Samba acting as an AD Server are also affected.
| Vulnerability ID | Vulnerability Overview |
|---|---|
| CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability |
| CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability |
| CVE-2022-45141 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). |
Affected Supported TeraStations
None
| Date | Description |
| 6/23/2022 | Initial release |