| VID |
23337 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
The version of Samba running on the remote host is prior to 4.15.13, 4.16.x prior to 4.16.8, or 4.17.x prior to 4.17.4. It is, therefore, affected by multiple vulnerabilities:
- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. (CVE-2022-37966, CVE-2022-45141)
- Windows Kerberos Elevation of Privilege Vulnerability. (CVE-2022-37967)
- Netlogon RPC Elevation of Privilege Vulnerability. (CVE-2022-38023)
* References:
https://www.samba.org/samba/history/security.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-45141.html
* Platforms Affected:
Samba Project, Samba versions 4.16.x prior to 4.16.8
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba 4.16.8 or later, available from the Samba Web site at https://www.samba.org/samba/download/ |
| Related URL |
CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-45141 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
