| Field | Value |
|---|---|
| Test ID | 1.3.6.1.4.1.25623.1.0.104475 |
| Category | Privilege escalation |
| Title | Samba Elevation of Privilege Vulnerability (CVE-2022-45141) |
| Summary | Samba is prone to an elevation of privilege vulnerability. |
| Vulnerability Insight | Kerberos, the trusted third-party authentication system at the heart of Active Directory, issues a ticket using a key known to the target server but nobody else, returned to the client in a TGS-REP. This key needs to be of a type understood only by the KDC and the target server. However, due to a coding error subsequently addressed in all recent Heimdal versions and so fixed with Samba 4.16 (which imports Heimdal 8.0pre), the (attacking) client would be given the opportunity to select the encryption type, and so obtain a ticket encrypted with rc4-hmac that it could attack offline. This is possible unless rc4-hmac is totally removed from the server's account by removing the unicodePwd attribute, but this will break other aspects of the server's operation in the domain (NETLOGON in particular). |
| Affected Software/OS | Samba versions prior to 4.15.13. |
| Solution | Update to version 4.15.13, 4.16.0 or later. |
| CVSS Score | 10.0 |
| CVSS Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref | Common Vulnerability Exposure (CVE) ID: CVE-2022-45141; https://security.gentoo.org/glsa/202309-06; https://www.samba.org/samba/security/CVE-2022-45141.html |
| Copyright | Copyright (C) 2022 Greenbone Networks GmbH |