CVE-2022-0336

NameCVE-2022-0336
DescriptionThe Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1004694

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)jessie, jessie (lts)2:4.2.14+dfsg-0+deb8u16vulnerable
stretch (security)2:4.5.16+dfsg-1+deb9u4vulnerable
stretch (lts), stretch2:4.5.16+dfsg-1+deb9u5vulnerable
buster (security), buster, buster (lts)2:4.9.5+dfsg-5+deb10u5vulnerable
bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u6fixed
bookworm (security), bookworm2:4.17.12+dfsg-0+deb12u1fixed
sid, trixie2:4.21.1+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourceexperimental2:4.16.0+dfsg-1
sambasourcebullseye2:4.13.13+dfsg-1~deb11u3
sambasource(unstable)2:4.16.0+dfsg-21004694

Notes

[buster] - samba <ignored> (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1)
https://www.samba.org/samba/security/CVE-2022-0336.html
https://bugzilla.samba.org/show_bug.cgi?id=14950
[stretch] - samba <ignored> (Minor issue; affects Samba as AD DC; EOLed)
[jessie] - samba <ignored> (Minor issue; affects Samba as AD DC; EOLed)
Search for package or bug name: Reporting problems