Insufficient verification of data authenticity in Samba - CVE-2022-0336

 


Published: January 31, 2022


Vulnerability identifier: #VU60185
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-0336
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Samba
Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a local user to impersonate arbitrary services.

The vulnerability exists because the Samba AD DC relies only on the SPN (service principal name) to identify services on the network. An attacker with the ability to modify SPNs can bypass the implemented protection and either cause a denial of service condition by adding an SPN that matches an existing service, or impersonate services on the network.
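A defender-side check for the condition described above, as an added example that is not part of the advisory or of Samba's code: it scans an LDIF export of directory objects for an SPN held by more than one entry. The sample LDIF, its DNs and host names are constructed, and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample export (not real directory data). The colliding SPN is
# written once as a folded line and once base64-encoded ("::") in another case.
SAMPLE_LDIF = """\
dn: CN=FILESRV,CN=Computers,DC=example,DC=test
servicePrincipalName: HOST/filesrv.example.test
servicePrincipalName: cifs/filesrv.
 example.test

dn: CN=websvc,CN=Users,DC=example,DC=test
servicePrincipalName: HTTP/web.example.test
servicePrincipalName:: Q0lGUy9GSUxFU1JWLmV4YW1wbGUudGVzdA==
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def spn_owners(ldif):
    """Map each case-folded SPN to the set of entry DNs that carry it."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not line.strip():
            dn = None                      # blank line ends the current entry
        elif not sep or line.startswith("#"):
            continue                       # comment or malformed line
        else:
            b64 = rest.startswith(":")     # "attr:: <base64 value>"
            raw = rest[1:].strip() if b64 else rest.strip()
            value = base64.b64decode(raw).decode("utf-8", "replace") if b64 else raw
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "serviceprincipalname" and dn:
                owners[value.casefold()].add(dn)   # SPN matching ignores case
    return owners

def duplicate_spns(ldif):
    """Return {spn: [DNs]} for every SPN registered on more than one entry."""
    return {s: sorted(d) for s, d in spn_owners(ldif).items() if len(d) > 1}
```

`duplicate_spns(SAMPLE_LDIF)` reports the `cifs/filesrv.example.test` collision between the two constructed entries. It flags exact, case-insensitive matches only and does not expand SPN aliases.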


How to mitigate CVE-2022-0336

Install updates from the vendor's website.

Sources