A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | 4.0.0 (including) | 4.13.14 (excluding) |
Samba | Samba | 4.14.0 (including) | 4.14.10 (excluding) |
Samba | Samba | 4.15.0 (including) | 4.15.2 (excluding) |
Samba | Ubuntu | bionic | * |
Samba | Ubuntu | devel | * |
Samba | Ubuntu | esm-infra-legacy/trusty | * |
Samba | Ubuntu | esm-infra/bionic | * |
Samba | Ubuntu | esm-infra/xenial | * |
Samba | Ubuntu | focal | * |
Samba | Ubuntu | hirsute | * |
Samba | Ubuntu | impish | * |
Samba | Ubuntu | jammy | * |
Samba | Ubuntu | kinetic | * |
Samba | Ubuntu | lunar | * |
Samba | Ubuntu | trusty/esm | * |
Samba | Ubuntu | upstream | * |
Red Hat Enterprise Linux 7 | RedHat | ipa-0:4.6.8-5.el7_9.10 | * |
Red Hat Enterprise Linux 8 | RedHat | idm:DL1-8050020211208123445.acb078e8 | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | idm:DL1-8020020211215161923.2ef9514c | * |
Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | idm:DL1-8040020211214110257.5b01ab7e | * |