Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in     winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic     challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan     manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can     trigger an out-of-bounds read in Winbind, possibly resulting in a crash. (CVE-2022-2127)

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

  - An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing     Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not     validate a field in the network packet that contains the count of elements in an array-like structure. By     passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This     flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a     denial of service condition. (CVE-2023-34966)

  - A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing     Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys     are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a     lack of type checking in callers of the dalloc_value_for_key() function, which returns the object     associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the     passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client     connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker     process, affecting all other clients this worker serves. (CVE-2023-34967)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in     winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic     challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan     manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can     trigger an out-of-bounds read in Winbind, possibly resulting in a crash. (CVE-2022-2127)

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

  - An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing     Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not     validate a field in the network packet that contains the count of elements in an array-like structure. By     passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This     flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a     denial of service condition. (CVE-2023-34966)

  - A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing     Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys     are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a     lack of type checking in callers of the dalloc_value_for_key() function, which returns the object     associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the     passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client     connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker     process, affecting all other clients this worker serves. (CVE-2023-34967)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202309-06 (Samba: Multiple Vulnerabilities)

  - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in     Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in     filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)

  - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to     retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
    (CVE-2016-2124)

  - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)

  - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use     this flaw to cause possible privilege escalation. (CVE-2020-25717)

  - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC     (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)

  - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-     based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did     not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total     domain compromise. (CVE-2020-25719)

  - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now     provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
    (CVE-2020-25721)

  - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored     data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)

  - MaxQueryDuration not honoured in Samba AD DC LDAP (CVE-2021-3670)

  - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections     via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb     database. However while the database was correctly shared, the user credentials state was only pointed at,     and when one connection within that association group ended, the database would be left pointing at an     invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-     after-free could instead allow different user state to be pointed at and this might allow more privileged     access. (CVE-2021-3738)

  - A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute     force attacks being successful if special conditions are met. (CVE-2021-20251)

  - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated     attacker with permissions to read or modify share metadata, to perform this operation outside of the     share. (CVE-2021-20316)

  - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large     DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data,     bypassing the signature requirements. (CVE-2021-23192)

  - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to     determine if a file or directory exists in an area of the server file system not exported under the share     definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
    (CVE-2021-44141)

  - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility     with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to     4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via     specially crafted extended file attributes. A remote attacker with write access to extended file     attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

  - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that     SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an     account modification re-adds an SPN that was previously present on that account, such as one added when a     computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to     perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an     attacker who can intercept traffic can impersonate existing services, resulting in a loss of     confidentiality and integrity. (CVE-2022-0336)

  - In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)

  - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a     single account and set of keys, allowing them to decrypt each other's tickets. A user who has been     requested to change their password, can exploit this flaw to obtain and use tickets to other services.
    (CVE-2022-2031)

  - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and     unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI     library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a     maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the     application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

  - A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will     make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported     part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside     the 'smbd' configured share path and gain access to another restricted server's filesystem.
    (CVE-2022-3592)

  - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client     had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or     printer) instead of client-supplied data. The client cannot control the area of the server memory written     to the file (or printer). (CVE-2022-32742)

  - Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit     unprivileged users to write it. (CVE-2022-32743)

  - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By     encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling     full domain takeover. (CVE-2022-32744)

  - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP     add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)

  - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP     message values freed by a preceding database module, resulting in a use-after-free issue. This issue is     only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)

  - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

  - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)

  - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

  - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that     may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit     platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other     platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
    (CVE-2022-42898)

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

  - A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise     unprivileged users to delete this attribute from any object in the directory. (CVE-2023-0225)

  - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP     filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a     Samba AD DC. (CVE-2023-0614)

  - The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new     or reset passwords over a signed-only connection. (CVE-2023-0922)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute     force attacks being successful if special conditions are met. (CVE-2021-20251)

  - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and     unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI     library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a     maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the     application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

  - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

  - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that     may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit     platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other     platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has 'a similar bug.'     (CVE-2022-42898)

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-032 advisory.

 - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
 (CVE-2016-2124)

 - A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. (CVE-2020-17049)

 - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)

 - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)

 - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
 (CVE-2021-44141)

 - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)

 - In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)

 - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)

 - Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. (CVE-2022-32743)

 - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)

 - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

 - A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
 (CVE-2022-3592)

 - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

 - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)

 - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

 - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts- hmac-sha1-96). (CVE-2022-45141)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5936-1 advisory.

    Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A     remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
    (CVE-2022-3437)

    Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could     possibly use this issue to elevate privileges. (CVE-2022-37966, CVE-2022-37967)

    It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. A remote attacker     could possibly use this issue to elevate privileges. (CVE-2022-38023)

    Greg Hudson discovered that Samba incorrectly handled PAC parsing. On 32-bit systems, a remote attacker     could use this issue to escalate privileges, or possibly execute arbitrary code. (CVE-2022-42898)

    Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets. A remote     attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS     and Ubuntu 22.04 LTS. (CVE-2022-45141)

    WARNING: This update upgrades the version of Samba to 4.15.13. Please see the upstream release notes for     important changes in the new version:

    https://www.samba.org/samba/history/samba-4.15.0.html

    In addition, the security fixes included in this new version introduce several important behavior changes     which may cause compatibility problems interacting with systems still expecting the former behavior.
    Please see the following upstream advisories for more information:

    https://www.samba.org/samba/security/CVE-2022-37966.html     https://www.samba.org/samba/security/CVE-2022-37967.html     https://www.samba.org/samba/security/CVE-2022-38023.html

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5822-1 advisory.

    It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could     possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10.
    (CVE-2021-20251)

    Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A     remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
    (CVE-2022-3437)

    Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could     possibly use this issue to elevate privileges. (CVE-2022-37966, CVE-2022-37967)

    It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. A remote attacker     could possibly use this issue to elevate privileges. (CVE-2022-38023)

    Greg Hudson discovered that Samba incorrectly handled PAC parsing. On 32-bit systems, a remote attacker     could use this issue to escalate privileges, or possibly execute arbitrary code. (CVE-2022-42898)

    Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets. A remote     attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS     and Ubuntu 22.04 LTS. (CVE-2022-45141)

    WARNING: The fixes included in these updates introduce several important behavior changes which may cause     compatibility problems interacting with systems still expecting the former behavior. Please see the     following upstream advisories for more information:

    https://www.samba.org/samba/security/CVE-2022-37966.html     https://www.samba.org/samba/security/CVE-2022-37967.html     https://www.samba.org/samba/security/CVE-2022-38023.html

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Samba running on the remote host is prior to 4.15.13, 4.16.x prior to 4.16.8, or 4.17.x prior to 4.17.4.  It is, therefore, affected by multiple vulnerabilities:

  - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. (CVE-2022-37966, CVE-2022-45141)

  - Windows Kerberos Elevation of Privilege Vulnerability. (CVE-2022-37967)

  - Netlogon RPC Elevation of Privilege Vulnerability. (CVE-2022-38023)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of samba installed on the remote host is prior to 4.15.13 / 4.17.4. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-351-01 advisory.

  - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov     8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will     issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-     hmac-sha1-96). (CVE-2022-45141)

  - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

  - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)

  - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
188904	EulerOS 2.0 SP8 : samba (EulerOS-SA-2023-3157)	Nessus	Huawei Local Security Checks	critical
188712	EulerOS Virtualization 3.0.6.0 : samba (EulerOS-SA-2023-3453)	Nessus	Huawei Local Security Checks	critical
181514	GLSA-202309-06 : Samba: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
176833	EulerOS Virtualization 2.11.1 : samba (EulerOS-SA-2023-2076)	Nessus	Huawei Local Security Checks	critical
176801	EulerOS Virtualization 2.11.0 : samba (EulerOS-SA-2023-2128)	Nessus	Huawei Local Security Checks	critical
175270	EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-1791)	Nessus	Huawei Local Security Checks	critical
175265	EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-1769)	Nessus	Huawei Local Security Checks	critical
173148	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)	Nessus	Amazon Linux Local Security Checks	critical
172367	Ubuntu 20.04 LTS : Samba vulnerabilities (USN-5936-1)	Nessus	Ubuntu Local Security Checks	critical
170562	Ubuntu 20.04 LTS / 22.04 LTS : Samba vulnerabilities (USN-5822-1)	Nessus	Ubuntu Local Security Checks	critical
169505	Samba < 4.15.13 / 4.16.x < 4.16.8 / 4.17.x < 4.17.4 Multiple Vulnerabilities	Nessus	Misc.	critical
168899	Slackware Linux 15.0 / current samba Multiple Vulnerabilities (SSA:2022-351-01)	Nessus	Slackware Local Security Checks	critical

Detections

Analytics

CVE-2022-45141

critical

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical