Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |
Debian | 11 | all | samba | <= 2:4.13.13+dfsg-1~deb11u5 | samba_2:4.13.13+dfsg-1~deb11u5_all.deb |
Debian | 10 | all | samba | <= 2:4.9.5+dfsg-5+deb10u3 | samba_2:4.9.5+dfsg-5+deb10u3_all.deb |
Debian | 999 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |
Debian | 13 | all | samba | < 2:4.16.0+dfsg-2 | samba_2:4.16.0+dfsg-2_all.deb |