Aug 29, 2022 - 3:15 p.m.

CVE-2022-0336

2022-08-29 15:15:09
CWE-276
redhat
web.nvd.nist.gov
Tags: samba, ad, dc, denial-of-service, spn, security vulnerability, vulnerability, nvd

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.4
Confidence: High

EPSS: 0.004
Percentile: 74.6%

The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

Affected configurations

Nvd
Vulners
Node
samba samba, Range: 4.0.0 to 4.13.17
OR
samba samba, Range: 4.14.0 to 4.14.12
OR
samba samba, Range: 4.15.0 to 4.15.4

Node
fedoraproject fedora, Match: 34
OR
fedoraproject fedora, Match: 35

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| samba | samba | * | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Samba",
    "versions": [
      {
        "version": "Affects Samba v4.0.0 and later, Fixed in samba v4.13.17, v4.14.12, v4.15.4.",
        "status": "affected"
      }
    ]
  }
]
