
Samba Active Directory elevation of privilege vulnerabilities


Jul 02, 2023
| Vulnerability ID | Vulnerability Overview |
| --- | --- |
| CVE-2022-37966 | An elevation of privilege vulnerability exists in Windows Kerberos related to the handling of Privilege Attribute Certificate (PAC) signatures. An unauthenticated attacker could exploit this vulnerability by leveraging the weaker RC4-HMAC encryption type to forge PAC signatures, allowing them to manipulate permissions and potentially gain administrative privileges within an Active Directory environment. |
| CVE-2022-37967 | An elevation of privilege vulnerability occurs due to improper validation of Privilege Attribute Certificate (PAC) signatures by the Kerberos Key Distribution Center (KDC). An authenticated attacker could bypass security checks and alter the PAC to elevate their privileges, potentially gaining full control over the Active Directory domain by forging Kerberos tickets. |
| CVE-2022-38023 | An elevation of privilege vulnerability exists in the Netlogon Remote Protocol (MS-NRPC). The flaw occurs when Netlogon connections fail to properly enforce RPC sealing (encryption). An attacker with network access could exploit this vulnerability to bypass security measures, impersonate legitimate domain controllers or machines, and compromise the Active Directory domain. |
| CVE-2022-45141 | Samba, when acting as an Active Directory Domain Controller, is affected by a vulnerability in its Kerberos implementation (Heimdal) regarding the handling of RC4-HMAC encrypted tickets. Because it fails to adequately enforce Privilege Attribute Certificate (PAC) signatures, a remote attacker could exploit this by forging a PAC using the weak RC4-HMAC algorithm. This allows the attacker to gain unauthorized administrative privileges, mirroring the impact of CVE-2022-37966 in Windows environments. |


Affected Supported TeraStations

None


| Date | Description |
| --- | --- |
| 07/12/2023 | Initial release |

