Reversible One-Way Hash The advisory has been revoked - it doesn't affect any version of package samba  (opens in a new tab)


Threat Intelligence

EPSS
0.45% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2004-SAMBA-3174120
  • published16 Dec 2022
  • disclosed6 Mar 2023

Introduced: 16 Dec 2022

CVE-2022-45141  (opens in a new tab)
CWE-328  (opens in a new tab)
CWE-326  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:20.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream samba package and not the samba package as distributed by Ubuntu.

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).