The open-source Samba suite has released security updates for four high-severity vulnerabilities. If exploited, the flaws could allow an attacker to escalate privileges and take control of affected systems, including Samba Active Directory domain controllers.
The vulnerabilities, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, are fixed in Samba 4.17.4, 4.16.8, and 4.15.13, released on December 15, 2022. These are the three release branches maintained upstream, so older branches receive no fix. The updates matter to any organization that relies on Samba for Windows interoperability on Linux, Unix, and macOS, whether for file sharing, printing, or Active Directory domain services.
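Because the fixes are per branch, a plain "newer is better" comparison is misleading: 4.16.7 is newer than 4.15.13 but still vulnerable, and 4.14 or older has no upstream fix at all. The following check is an added example (not code from the article or the Samba project) that parses the output of `smbd --version` and classifies it against the three fix versions stated above. It assumes that branches newer than 4.17 were cut after the patches landed, and it flags distro-packaged builds (detected heuristically by a textual suffix such as `-Ubuntu`) because distributions backport fixes without changing the upstream version string.

```python
import re

# Fix versions stated in the advisory the article summarises; branches older
# than 4.15 were already end-of-life upstream and received no fix.
FIXED_IN = {(4, 17): (4, 17, 4), (4, 16): (4, 16, 8), (4, 15): (4, 15, 13)}


def parse_samba_version(banner: str):
    """Parse the numeric part of `smbd --version` output, e.g.
    'Version 4.15.9-Ubuntu' -> (4, 15, 9). Returns None if no version is present."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)', banner)
    return tuple(int(x) for x in m.groups()) if m else None


def upstream_status(version):
    """Classify an upstream version tuple against the per-branch fix versions.

    'fixed' / 'vulnerable' inside a fixed branch, 'eol' for older branches
    (no upstream fix exists). Assumption: branches newer than 4.17 were
    released after the patches landed, so they are reported as 'fixed'."""
    if version is None:
        return 'unknown'
    branch = version[:2]
    if branch in FIXED_IN:
        return 'fixed' if version >= FIXED_IN[branch] else 'vulnerable'
    return 'fixed' if branch > max(FIXED_IN) else 'eol'


def assess(banner: str) -> dict:
    """Return the verdict plus a flag for distro-packaged builds.

    Distributions backport security fixes without bumping the upstream version,
    so a 'vulnerable' verdict on such a build is only a lead: confirm it against
    the package changelog (e.g. `apt changelog samba`, `rpm -q --changelog samba`).
    The suffix heuristic (a letter after '-', '+' or '~') is an assumption."""
    version = parse_samba_version(banner)
    status = upstream_status(version)
    distro_build = bool(re.search(r'\d+\.\d+\.\d+[-+~][A-Za-z]', banner))
    return {
        'version': version,
        'status': status,
        'distro_build': distro_build,
        'confirm_with_changelog': distro_build and status == 'vulnerable',
    }


if __name__ == '__main__':
    # Constructed sample banners, not captured from real hosts.
    for banner in ('Version 4.15.9-Ubuntu', 'Version 4.16.7', 'Version 4.17.4', 'Version 4.13.17'):
        print(banner, '->', assess(banner))
```

Run it against `smbd --version` on each file server and domain controller; treat 'eol' as a migration task rather than a patch task, and never close a 'vulnerable' finding on a distro build without reading the changelog.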
Looking at the individual weaknesses: CVE-2022-38023 concerns the weak RC4-HMAC (RC4/HMAC-MD5) cipher used to protect the Netlogon secure channel between domain members and domain controllers, which an attacker can abuse to elevate privileges; it is a Netlogon issue rather than a Kerberos one, although the same outdated cipher is at the root of the other three. CVE-2022-37966 and CVE-2022-37967 are Kerberos flaws that allow an attacker to escalate privileges within an Active Directory domain: the former through weak RC4-HMAC session keys, the latter through insufficient signing of the Privilege Attribute Certificate (PAC) carried in tickets.
The fourth, CVE-2022-45141, affects Samba Active Directory domain controllers built on the Heimdal Kerberos implementation, whose KDC would issue Kerberos tickets encrypted with RC4-HMAC, leaving those tickets open to forgery. The CVSS scores for the four vulnerabilities, ranging from 7.2 to 8.1, underscore their severity and the need for prompt remediation.
Of particular note, CVE-2022-37966 and CVE-2022-37967 were first disclosed by Microsoft as part of its November 2022 Patch Tuesday updates. Both are significant because they can hand an attacker administrative privileges over an organization's domain.
Microsoft's own description spells out the impact: an unauthenticated attacker could exploit cryptographic protocol weaknesses in RFC 4757, which defines the RC4-HMAC-MD5 Kerberos encryption type, together with the MS-PAC specification to bypass security features in a Windows Active Directory environment.
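To make the RFC 4757 weakness concrete: the RC4-HMAC string-to-key function is simply MD4 over the UTF-16LE password, with no salt and no iteration count, so the Kerberos key is byte-for-byte the NT hash, every user and every realm sharing a password shares the same key, and a captured RC4-encrypted ticket can be brute-forced at the cost of one MD4 per guess. The block below is an added example (not code from the article, Samba, or Microsoft) that implements MD4 in pure Python (OpenSSL 3 hides MD4 behind its legacy provider, so `hashlib` is not reliable for it), derives the RC4-HMAC key, and contrasts it with the salted, iterated PBKDF2 step that opens the AES string-to-key of RFC 3962. Only that first PBKDF2 step is shown; the real AES key goes through a further DK() step that is omitted, and the passwords, realm and user names are constructed sample data.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def _md4_compress(state, block: bytes):
    """One MD4 compression over a 64-byte block (RFC 1320), registers rotated
    so that every step updates slot 0 from slots 1..3."""
    X = struct.unpack('<16I', block)
    a, b, c, d = state
    for i in range(16):                       # round 1: F, message words in order
        f = (b & c) | (~b & d)
        a, b, c, d = d, _rotl((a + f + X[i]) & MASK, (3, 7, 11, 19)[i % 4]), b, c
    for i in range(16):                       # round 2: G, words 0,4,8,12,1,5,9,...
        g = (b & c) | (b & d) | (c & d)
        k = (i % 4) * 4 + i // 4
        a, b, c, d = d, _rotl((a + g + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4]), b, c
    for i in range(16):                       # round 3: H, words 0,8,4,12,2,10,6,...
        h = b ^ c ^ d
        k = (0, 2, 1, 3)[i // 4] + (0, 8, 4, 12)[i % 4]
        a, b, c, d = d, _rotl((a + h + X[k] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4]), b, c
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320): little-endian words, 0x80 + zero padding, 64-bit length."""
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    bit_len = len(data) * 8
    data += b'\x80'
    data += b'\x00' * ((56 - len(data) % 64) % 64)
    data += struct.pack('<Q', bit_len)
    for off in range(0, len(data), 64):
        state = _md4_compress(state, data[off:off + 64])
    return struct.pack('<4I', *state)


def rc4_hmac_string_to_key(password: str) -> bytes:
    """RFC 4757 section 2 string-to-key: MD4 over the UTF-16LE password.
    No salt, no iterations; the result is exactly the NT hash, so an NTLM hash
    stolen from one host is immediately a Kerberos key (overpass-the-hash)."""
    return md4(password.encode('utf-16-le'))


def aes_string_to_key_prefix(password: str, realm: str, principal: str,
                             iterations: int = 4096) -> bytes:
    """First step only of the RFC 3962 AES string-to-key: PBKDF2-HMAC-SHA1 with
    salt = realm + principal and 4096 iterations by default. The real key adds a
    DK() step that is omitted here; this is enough to show the effect of salting."""
    salt = (realm + principal).encode('utf-8')
    return hashlib.pbkdf2_hmac('sha1', password.encode('utf-8'), salt, iterations, 16)


def distinct_keys_for_shared_password(password: str, realm: str, users) -> tuple:
    """How many distinct keys a group of users sharing one password ends up with:
    (rc4_hmac_count, salted_count). RC4-HMAC collapses to one key."""
    rc4 = {rc4_hmac_string_to_key(password) for _ in users}
    salted = {aes_string_to_key_prefix(password, realm, u) for u in users}
    return len(rc4), len(salted)


if __name__ == '__main__':
    # Constructed sample inputs, not real credentials.
    print('RC4-HMAC key / NT hash for "password":', rc4_hmac_string_to_key('password').hex())
    print('distinct keys (rc4, salted):',
          distinct_keys_for_shared_password('Winter2022!', 'CORP.EXAMPLE', ['alice', 'svc_sql']))
```

The same property is why the fixed releases steer domain controllers away from RC4-HMAC: any account whose service ticket or session key is still protected by an unsalted MD4-derived key is only as strong as an offline MD4 guessing run against its password.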
The Samba releases coincide with a batch of advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which published 41 advisories covering vulnerabilities in Industrial Control Systems products, including ones from Siemens and Prosys OPC.
Organizations running Samba, and especially those running it as an Active Directory domain controller, are urged to apply these updates without delay. Left unpatched, the flaws give an attacker who already holds a foothold or a single compromised credential a path to privilege escalation and lateral movement across the domain, the tactics the MITRE ATT&CK framework groups under Privilege Escalation and Lateral Movement. One caveat when patching: the fixed releases also tighten defaults around the weak RC4-based Netlogon channel (for example, rejecting RC4-only Netlogon clients by default via `reject md5 clients`), so legacy domain members that still depend on RC4 may need to be updated or explicitly allowed rather than silently breaking.