CVE-2022-45141
Summary
| CVE | CVE-2022-45141 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-06 23:15:00 UTC |
| Updated | 2023-09-17 09:15:00 UTC |
| Description | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and per RFC 8429, it is assumed that rc4-hmac is weak. Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). |
Risk And Classification
Problem Types: CWE-326
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security | GENTOO | security.gentoo.org | |
| Samba - Security Announcement Archive | MISC | www.samba.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183209 Debian Security Update for samba (CVE-2022-45141)
- 199130 Ubuntu Security Notification for Samba Vulnerabilities (USN-5822-1)
- 199228 Ubuntu Security Notification for Samba Vulnerabilities (USN-5936-1)
- 355336 Amazon Linux Security Advisory for samba : ALAS2023-2023-032
- 38886 Samba Weak Hashing Algorithm Vulnerability
- 502621 Alpine Linux Security Update for samba
- 503811 Alpine Linux Security Update for samba
- 672913 EulerOS Security Update for samba (EulerOS-SA-2023-1791)
- 672932 EulerOS Security Update for samba (EulerOS-SA-2023-1769)
- 673550 EulerOS Security Update for samba (EulerOS-SA-2023-3157)
- 710751 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202309-06)