Denial-of-Service Vulnerability in Samba Active Directory Domain Controller
CVE-2022-0336

8.8 HIGH

Key Information:

Vendor: Samba
Status: Vendor
CVE Published: 29 August 2022

What is CVE-2022-0336?

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass certain checks when adding Service Principal Names (SPNs). An attacker with the ability to modify an account can re-add an SPN that already exists in the directory. Because the re-added SPN collides with an existing service, this can cause a denial of service for that service. Furthermore, if an attacker can intercept network traffic, they could impersonate legitimate services, undermining the confidentiality and integrity of communication within affected environments. Organizations using Samba should review their configurations and patch any vulnerable components promptly.
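The condition the advisory describes is an SPN registered on more than one account. A defender can look for exactly that in an LDAP export of the domain, both to confirm the patch closed the gap and to find collisions that were introduced before it was applied. The script below is an added example, not part of this advisory or of Samba's code; the LDIF sample it runs on is constructed, and it assumes plain-text (not base64-encoded `::`) attribute values as produced by a simple `ldapsearch` export of `dn` and `servicePrincipalName`.

```python
from collections import defaultdict

# Constructed sample export (not real directory data). The third entry carries the
# same SPN as web01 with different letter case, which AD treats as the same SPN.
SAMPLE_LDIF = """\
dn: CN=web01,OU=Servers,DC=example,DC=com
servicePrincipalName: HTTP/web01.example.com
servicePrincipalName: HOST/web01.example.com

dn: CN=svc-backup,OU=Service,DC=example,DC=com
servicePrincipalName: backup/srv.example.com

dn: CN=low-priv-user,OU=Users,DC=example,DC=com
servicePrincipalName: http/WEB01.example.com
"""


def parse_spns(ldif_text):
    """Map each DN in a simple LDIF export to the list of SPNs it carries.

    Assumes plain 'attr: value' lines; base64 ('attr:: value') lines are not handled.
    """
    accounts = {}
    dn = None
    for raw in ldif_text.splitlines():
        line = raw.strip()
        if not line:
            dn = None  # blank line ends the current entry
            continue
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
            accounts.setdefault(dn, [])
        elif line.lower().startswith("serviceprincipalname:") and dn is not None:
            accounts[dn].append(line.split(":", 1)[1].strip())
    return accounts


def find_duplicate_spns(accounts):
    """Return {spn: sorted DNs} for every SPN present on more than one account.

    SPN comparison is case-insensitive, matching how AD enforces SPN uniqueness.
    """
    index = defaultdict(set)
    for dn, spns in accounts.items():
        for spn in spns:
            index[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in index.items() if len(dns) > 1}


def report(ldif_text):
    """Parse an export and return the duplicate-SPN findings."""
    return find_duplicate_spns(parse_spns(ldif_text))


if __name__ == "__main__":
    for spn, dns in report(SAMPLE_LDIF).items():
        print(f"{spn} is registered on {len(dns)} accounts: {', '.join(dns)}")
```

Any SPN the report lists is worth investigating: on a patched DC the LDAP modify that created the collision should have been rejected, so a surviving duplicate either predates the fix or was written through a path that bypassed the SPN uniqueness check. Resolving the duplicate restores the affected service's ability to authenticate clients.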

Affected Version(s)

Samba: affects Samba v4.0.0 and later; fixed in Samba v4.13.17, v4.14.12 and v4.15.4.

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
