Samba has rolled out security updates for high-severity vulnerabilities that can allow a cybercriminal to take control of systems running the affected Samba versions.

The critical vulnerabilities CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141 have been patched in versions 4.17.4, 4.16.8, and 4.15.13. All previous versions of Samba are deemed vulnerable. So why is it important for you to update Samba?

What Is Samba?

Samba is a free and open-source software suite that offers fast and stable file and print services. It is possible to integrate the file-sharing tool with a Microsoft Windows Server Domain, either as a domain member or a Domain Controller (DC).

Samba is a re-implementation of the famous SMB protocol. Samba offers network administrators flexibility in terms of setup, configuration, and choice of systems.

All the Samba versions 4 onwards support Active Directory (AD) and Microsoft NT domains. The Windows interoperability tool is available for Unix, Linux, and macOS.

What Vulnerabilities Have Been Found in Samba?

a representation of a hacker

It's always important to update all your software, including operating system. That's because, as well as performance improvements, updates patch software vulnerabilities. So why is it important that you update Samba right now? To properly understand, we need to further investigate the vulnerabilities in the software.

1. CVE-2022-38023

CVE-2022-38023, with an 8.1 CVSS score, is a vulnerability associated with the RC4/HMAC-MD5 NetLogon Secure Channel. Kerberos uses weak RC4-HMAC cryptography. Similarly, the RC4 mode in the NETLOGON Secure Channel is also vulnerable as they are the same ciphers. This affects all versions of Samba.

The issue lies in the secure checksum that is calculated as HMAC-MD5(MD5(DATA)(KEY). If an attacker knows the plain text, they could create different data of their choice using the same MD5 checksum and substitute it in the data stream.

To combat this, the cipher must be disabled in Samba. In the patch released for this vulnerability, the configurations by default have been set to: 

        reject md5 clients = yes
    
        reject md5 servers = yes

The good news is that this cipher is not used by most modern servers, such as Windows 7 and later. The NetApp ONTAP, however, still uses RC4.

2. CVE-2022-37966

An attacker who successfully exploits CVE-2022-37966 could gain administrator privileges. The CVSS score for this vulnerability is 8.1. The weakness lies in the third-party authentication system, Kerberos, used in Active Directory (AD). Kerberos issues a session key that is encrypted and only known to the client and server.

Kerberos RC4-HMAC is a weak cipher. If it is exploited similarly to CVE-2022-38023, the protection of HMAC can be bypassed even if the attacker doesn’t know the key.

To successfully exploit this flaw, an attacker needs to gather information specific to the environment of the targeted system.

3. CVE-2022-37967

This flaw allows an authenticated attacker to exploit cryptographic protocol vulnerabilities in Windows Kerberos. If the cyberattacker succeeds in gaining control of the service that is permitted for delegation, he can change the Kerberos PAC to gain administrator privileges. CVE-2022-37967 has a 7.2 CVSS score.

4. CVE-2022-45141

Binary code displayed on a screen with a padlock representing encryption.

The issue lies in the coding error in Heimdal versions. Kerberos issues a ticket to a target server using a key only known to the server, which is returned to the client in TGS-REP.

Due to the error in the code in Heimdal, if there is a hacker in place of a client, they will get the opportunity to select the encryption type and obtain the ticket encrypted with a vulnerable RC4-HMAC cipher that they could later exploit.

This can be prevented by totally removing RC4-MAC from the server. CVE-2022-45141 also has an 8.1 CVSS score.

Of course, patching these vulnerabilities doesn't mean your whole system is now secure, which is why we advise you use a solid security suite too.

Apply Security Updates Quickly

Users and administrators need to review Samba security and quickly apply the necessary security patches so that you can continue to use Samba securely.

Samba is an efficient tool that makes file-sharing easy. With this tool, you can also set up a network-shared folder on any Linux system and share files across multiple operating systems on a network. Just make sure you always keep it updated so you can enjoy optimal performance and strong security.