Security 28.07.2022

Dangerous Samba bug could lock administrators out of their domains


Network admins using Samba should patch the service as soon as possible to fix a critical security vulnerability, Naked Security’s Paul Ducklin reported.

The vulnerability is tracked under the Common Vulnerabilities and Exposures identifier CVE-2022-32744.

Samba is an open-source toolkit that lets Linux and other Unix-like operating systems talk to Windows networks and allows network administrators to host Active Directory domains without expensive Windows servers.

According to CVE-2022-32744’s bug description, “Samba Active Directory users can forge password change requests for any user.”

“In theory, the CVE-2022-32744 bug could be exploited by any user on the network,” Ducklin said.

Attackers can exploit the vulnerability to execute a print-your-own passport (PYOP) attack.

Ducklin said that this is when you’re asked to prove your identity and do so by presenting an “official” document you created yourself.

Ducklin explained that attackers could brute-force Samba’s password-changing service to access the administrator account.

“Attackers could wrangle Samba’s password-changing service, known as kpasswd, through a series of failed password change attempts until it finally accepted a password change request that the attackers themselves authorised,” Ducklin said.

Samba’s release notes describe the attack as follows:

“By setting the ticket’s server name to a principal associated with their own account, or by exploiting a fallback where known keys would be tried until a suitable one was found, an attacker could have the server accept tickets encrypted with any key, including their own.”

“A user could thus change the Administrator account’s password and gain total control over the domain. Full loss of confidentiality and integrity would be possible, as well as of availability by denying users access to their accounts.”

A successful attack would allow bad actors to alter files and lock users out.
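A simplified model of the key-selection flaw the release notes describe, set beside a check that pins the service key. This is an added example, not Samba's code: an HMAC tag stands in for Kerberos ticket encryption, and the key table, the user `alice` and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed key table: principal -> long-term key (toy values, not real keys).
KEYS = {
    "kadmin/changepw": b"service-key-only-the-server-knows",
    "alice": b"key-derived-from-alice-own-password",
}
KPASSWD = "kadmin/changepw"  # password-change service principal in this model


def seal(key, sname, client):
    """Build a toy ticket; an HMAC tag stands in for Kerberos encryption."""
    body = json.dumps({"sname": sname, "client": client}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"sname": sname, "body": body, "tag": tag}


def opens_with(ticket, key):
    """True when the ticket's tag verifies under the given key."""
    expected = hmac.new(key, ticket["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, ticket["tag"])


def accept_flawed(ticket):
    """Flawed pattern: use the key the ticket names, then fall back to any known key."""
    candidates = [KEYS.get(ticket["sname"]), *KEYS.values()]
    if any(k and opens_with(ticket, k) for k in candidates):
        return json.loads(ticket["body"])["client"]
    return None


def accept_pinned(ticket):
    """Hardened pattern: one fixed service key, and the sealed name must match it."""
    if ticket["sname"] != KPASSWD or not opens_with(ticket, KEYS[KPASSWD]):
        return None
    claims = json.loads(ticket["body"])
    return claims["client"] if claims["sname"] == KPASSWD else None


# Constructed samples: one ticket issued under the service key, two sealed by
# alice with her own key (her own server name, then the service's name).
genuine = seal(KEYS[KPASSWD], KPASSWD, "alice")
own_name = seal(KEYS["alice"], "alice", "Administrator")
wrong_key = seal(KEYS["alice"], KPASSWD, "Administrator")

if __name__ == "__main__":
    for name, t in [("genuine", genuine), ("own_name", own_name), ("wrong_key", wrong_key)]:
        print(f"{name:10} flawed={accept_flawed(t)!s:14} pinned={accept_pinned(t)}")
```

The pinned check accepts only the ticket sealed under the service's own key, so the identity inside it is one the issuer vouched for rather than one the requester wrote.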

Samba’s latest security patches also fix four other bugs: CVE-2022-2031, CVE-2022-32745, CVE-2022-32746, and CVE-2022-32742.

Samba has advised administrators to upgrade to the latest security releases as soon as possible.

