[Samba] CVE-2022-26923 (aka certifried)

Kacper kacper at kacper.se
Tue Nov 22 17:33:06 UTC 2022


Hello!

Is Samba vulnerable to the attack laid out in CVE-2022-26923? Are there
any plans to do what Microsoft did with KB5014754 and drop support for weak
certificate mappings?

I know Andrew talked about related issues at SambaXP but I must not have been
paying good enough attention...

certifried is mentioned in his keynote
(https://www.samba.org/~abartlet/Kawaiicon-2022-kerberos-smaller.pdf) and
again in Samba bug #14833 (https://bugzilla.samba.org/show_bug.cgi?id=14833).

It's my understanding that when using PKINIT (smart card logon) one is
vulnerable to certifried even though AD CS is not used if the certificate
authority responsible for issuing the certificates used for PKINIT is
somehow tricked to sign or otherwise generate a "bad" certificate. If the
CA is not part of the same organizational unit as the one that is managing
the Samba AD forest they might even be unaware of the security implications
of issuing a certificate that can be misused in a certifried attack.

For reference, here is the CVE disclosure:
https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4

Regards,
Kacper
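The following is an added illustration, not part of Kacper's message and not Samba code, of the difference between the "weak" certificate mapping the mail asks about and the strong mapping Microsoft moved to with KB5014754. It simulates a KDC mapping a PKINIT client certificate to a directory account: the weak path trusts the SAN dNSName alone, while the strong path requires the Microsoft SID extension (OID 1.3.6.1.4.1.311.25.2, which KB5014754-era issuers embed) and rejects a certificate whose SAN name disagrees with the account that SID belongs to. The directory entries, hostnames, SIDs and the `PkinitCert` field model are constructed for the example; a real implementation would read these values from the parsed X.509 certificate and from the directory.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# OID of the Microsoft SID certificate extension added by KB5014754 issuers.
SID_EXTENSION_OID = "1.3.6.1.4.1.311.25.2"


@dataclass(frozen=True)
class Account:
    """Constructed stand-in for a directory computer account."""
    sam_account_name: str
    sid: str
    dns_host_name: str


@dataclass(frozen=True)
class PkinitCert:
    """Identity-bearing fields of a client certificate presented for PKINIT
    (constructed model; a real KDC would take these from the parsed X.509)."""
    san_dns_names: Sequence[str]
    # Value carried in extension 1.3.6.1.4.1.311.25.2, or None if the issuer
    # did not include the extension at all.
    sid_extension: Optional[str] = None


# Constructed sample directory; names and SIDs are hypothetical.
DIRECTORY = [
    Account("DC01$", "S-1-5-21-1111-2222-3333-1000", "dc01.example.test"),
    Account("WS-LAB$", "S-1-5-21-1111-2222-3333-1105", "ws-lab.example.test"),
]


def map_weak(cert: PkinitCert, directory: Sequence[Account]) -> Optional[Account]:
    """Legacy mapping: whatever host name the SAN claims is believed.
    Any certificate that carries a privileged host's name maps to it."""
    wanted = {name.lower() for name in cert.san_dns_names}
    for acct in directory:
        if acct.dns_host_name.lower() in wanted:
            return acct
    return None


def map_strong(cert: PkinitCert, directory: Sequence[Account]) -> Optional[Account]:
    """KB5014754-style mapping: the SID extension is authoritative.
    A certificate without it is rejected, and a SAN name that belongs to a
    different account than the SID does is treated as a mismatch."""
    if cert.sid_extension is None:
        return None  # no strong binding to an account: reject
    acct = next((a for a in directory if a.sid == cert.sid_extension), None)
    if acct is None:
        return None  # SID not in this directory
    claimed = {name.lower() for name in cert.san_dns_names}
    if claimed and acct.dns_host_name.lower() not in claimed:
        return None  # name and SID disagree: do not silently trust the name
    return acct


# Constructed certificates.
# A certificate issued for DC01 with its own SID: valid under both schemes.
GOOD_CERT = PkinitCert(("dc01.example.test",), "S-1-5-21-1111-2222-3333-1000")
# A "bad" certificate of the kind the mail describes: the SAN names the DC,
# but the SID the issuer embedded belongs to the ordinary workstation account.
BAD_CERT = PkinitCert(("dc01.example.test",), "S-1-5-21-1111-2222-3333-1105")
# A certificate from an issuer that never added the SID extension.
LEGACY_CERT = PkinitCert(("dc01.example.test",))


def describe(cert: PkinitCert) -> dict:
    """Return which account each mapping scheme would resolve the cert to."""
    weak = map_weak(cert, DIRECTORY)
    strong = map_strong(cert, DIRECTORY)
    return {
        "weak": weak.sam_account_name if weak else None,
        "strong": strong.sam_account_name if strong else None,
    }


if __name__ == "__main__":
    for label, cert in (("good", GOOD_CERT), ("bad", BAD_CERT), ("legacy", LEGACY_CERT)):
        print(label, describe(cert))
```

Running the block shows the point of the KB5014754 change: the weak mapping resolves BAD_CERT to DC01$ because the SAN says so, whereas the strong mapping refuses it (and also refuses LEGACY_CERT, which is why Microsoft phased the enforcement in over time rather than flipping it at once).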

