CVE-2022-0336 Detail
Current Description
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
Analysis Description
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
Severity
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration
CWE-ID | CWE Name | Source |
---|---|---|
CWE-276 | Incorrect Default Permissions | NIST Red Hat, Inc. |
Change History
1 change records found show changes
Initial Analysis 9/01/2022 4:05:40 PM
Action | Type | Old Value | New Value |
---|---|---|---|
Added | CPE Configuration |
OR *cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (excluding) 4.13.17 *cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.12 *cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* versions from (including) 4.15.0 up to (excluding) 4.15.4 |
|
Added | CPE Configuration |
OR *cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
Added | CVSS V3.1 |
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
Added | CWE |
NIST CWE-276 |
|
Changed | Reference Type |
https://access.redhat.com/security/cve/CVE-2022-0336 No Types Assigned |
https://access.redhat.com/security/cve/CVE-2022-0336 Issue Tracking, Third Party Advisory |
Changed | Reference Type |
https://bugzilla.redhat.com/show_bug.cgi?id=2046134 No Types Assigned |
https://bugzilla.redhat.com/show_bug.cgi?id=2046134 Issue Tracking, Third Party Advisory |
Changed | Reference Type |
https://bugzilla.samba.org/show_bug.cgi?id=14950 No Types Assigned |
https://bugzilla.samba.org/show_bug.cgi?id=14950 Issue Tracking, Patch, Vendor Advisory |
Changed | Reference Type |
https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c No Types Assigned |
https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c Patch, Third Party Advisory |
Changed | Reference Type |
https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400 No Types Assigned |
https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400 Patch, Third Party Advisory |
Changed | Reference Type |
https://www.samba.org/samba/security/CVE-2022-0336.html No Types Assigned |
https://www.samba.org/samba/security/CVE-2022-0336.html Vendor Advisory |
Quick Info
CVE Dictionary Entry:
CVE-2022-0336
NVD Published Date:
08/29/2022
NVD Last Modified:
09/01/2022
Source:
Red Hat, Inc.