[Samba] Possible security issue with DHCP script.

Zombie Ryushu zombie_ryushu at yahoo.com
Mon Jun 20 04:50:12 UTC 2022

I use a Strongswan VPN to connect via IPSec over VPN. Due to an error on 
my part, I set the user identity to olympia.pukey ( - which 
is the hostname to one of my Domain Controllers. I use the script for 
Kerberized updates with Bind DLZ, and it accepted the zone update, 
changing the A Record to, the DHCP lease given by dhcpd. 
This broke domain Authentication. There is no check in the script to see 
if a DC occupied that hostname. I was able to manually fix it back. This 
could be used by a malicious actor to intercept domain logins.

More information about the samba mailing list