Описание
Windows Kerberos Elevation of Privilege Vulnerability
A Kerberos elevation of privilege vulnerability was found in all versions Samba AD DC. It exploits weaknesses in the RC4-HMAC cipher, allowing a service account with constrained delegation permission to forge a more powerful Kerberos ticket. This flaw could enable privilege escalation by adding unauthorized groups to the Privilege Attribute Certificate (PAC) without knowing the krbtgt key.
Отчет
The Samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it.
This vulnerability marked as Important because it allows privilege escalation without access to the krbtgt key, by exploiting RC4-HMAC weaknesses in Kerberos. An attacker with a service account and constrained delegation can forge tickets with unauthorized group memberships in the PAC, potentially gaining elevated access across the domain. This undermines Kerberos integrity and poses a high-impact risk in Samba AD DC environments.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | samba | Not affected | ||
| Red Hat Enterprise Linux 7 | samba | Not affected | ||
| Red Hat Enterprise Linux 8 | samba | Not affected | ||
| Red Hat Enterprise Linux 9 | samba | Not affected | ||
| Red Hat Storage 3 | samba | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.2 High
CVSS3
EPSS
7.2 High
CVSS3