{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-0336", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:25:40.210Z", "dateReserved": "2022-01-21T00:00:00", "datePublished": "2022-08-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:53.455235"}, "descriptions": [{"lang": "en", "value": "The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity."}], "affected": [{"vendor": "n/a", "product": "Samba", "versions": [{"version": "Affects Samba v4.0.0 and later, Fixed in samba v4.13.17, v4.14.12, v4.15.4.", "status": "affected"}]}], "references": [{"url": "https://www.samba.org/samba/security/CVE-2022-0336.html"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=14950"}, {"url": "https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c"}, {"url": "https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-0336"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276 - Incorrect Default Permissions", "cweId": "CWE-276"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.210Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.samba.org/samba/security/CVE-2022-0336.html", "tags": ["x_transferred"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=14950", "tags": ["x_transferred"]}, {"url": "https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c", "tags": ["x_transferred"]}, {"url": "https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2022-0336", "tags": ["x_transferred"]}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-06"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EEB3465-0B2F-481E-B839-3ABCE85E2299", "versionEndExcluding": "4.13.17", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E57F9C0-2EA0-4485-B018-665139BA3F42", "versionEndExcluding": "4.14.12", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "713AE88D-3F5B-4E80-8E10-692B4925F76B", "versionEndExcluding": "4.15.4", "versionStartIncluding": "4.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity."}, {"lang": "es", "value": "El DC de Samba AD incluye comprobaciones cuando son a\u00f1adidos nombres de directores de servicio (SPN) a una cuenta para asegurar que los SPN no presentan alias con los que ya est\u00e1n en la base de datos. Algunas de estas comprobaciones pueden omitirse si una modificaci\u00f3n de la cuenta vuelve a a\u00f1adir un SPN que ya estaba presente en esa cuenta, como uno a\u00f1adido cuando un equipo es unido a un dominio. Un atacante que tenga la capacidad de escribir en una cuenta puede aprovechar esto para llevar a cabo un ataque de denegaci\u00f3n de servicio al a\u00f1adir un SPN que coincida con un servicio existente. Adem\u00e1s, un atacante que pueda interceptar el tr\u00e1fico puede hacerse pasar por los servicios existentes, resultando en una p\u00e9rdida de confidencialidad e integridad"}], "id": "CVE-2022-0336", "lastModified": "2023-09-17T09:15:10.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-29T15:15:09.250", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-0336"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=14950"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039a3c"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156be400"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-0336.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Kees van Vloten. for reporting this issue. Upstream acknowledges the Samba project as the original reporter.", "bugzilla": {"description": "samba: Samba AD users with permission to write to an account can impersonate arbitrary services", "id": "2046134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046134"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-276", "details": ["The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.", "A logic flaw in the Samba Active Directory Domain Controller leads to a denial of service and service impersonation. This flaw allows an attacker with the ability to write to an account to perform a denial of service attack or service impersonation by adding an SPN that matches an existing service."], "name": "CVE-2022-0336", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2022-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0336\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0336\nhttps://www.samba.org/samba/security/CVE-2022-0336.html"], "statement": "No versions of Red Hat Enterprise Linux, Red Hat Gluster Storage, or any other Red Hat Products are affected by this vulnerability.", "threat_severity": "Important", "upstream_fix": "samba 4.13.17, samba 4.14.12, samba 4.15.4"}