Description
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process.
Report
On Red Hat Enterprise Linux (RHEL) versions 6, 7, 8, 9 and 10, the Samba packages as shipped are not affected by this vulnerability. This is because Red Hat does not provide Active Directory Domain Controller (AD DC) functionality in its Samba packages, and the vulnerable wins hook execution path exists only when Samba is configured as a domain controller with WINS support enabled. As a result, the Samba deployments on RHEL cannot be exploited via this issue.

This vulnerability is considered Critical rather than Important because it enables unauthenticated remote code execution (RCE) on a Samba Active Directory Domain Controller through a trivially reachable network service. The flaw lies in the wins hook mechanism, where unvalidated NetBIOS names from incoming WINS registration packets are directly concatenated into a shell command and executed with `sh -c`. This means an attacker can inject arbitrary shell metacharacters and run commands with the privileges of the Samba process—often root on a DC. Unlike moderate flaws that may require authentication, complex preconditions, or result only in limited information exposure or denial of service, this issue provides a direct path to full system compromise over the network with minimal effort. The combination of remote reachability, lack of authentication, low complexity, and full confidentiality, integrity, and availability impact justifies its classification as a Critical vulnerability.
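The contrast between the string-built `sh -c` pattern described above and a validated argument-vector call, as an added C example (not Samba's code and not its actual fix). The function names, the character allowlist, the argument order and the sample values are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define NETBIOS_NAME_MAX 15 /* 16-byte name field; the last byte is the type */

/* Assumed allowlist for this example: ASCII letters, digits, '-', '_', '.' */
static int is_allowed(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.';
}

/* Returns 1 only if every byte is allowlisted and the length is 1..15. */
static int name_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > NETBIOS_NAME_MAX || name[0] == '-')
        return 0; /* a leading '-' could be read as an option by the hook */
    for (size_t i = 0; i < len; i++)
        if (!is_allowed((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Pattern from the advisory, for contrast only; nothing here executes it. */
static int build_shell_string(char *out, size_t n, const char *hook,
                              const char *op, const char *name)
{
    return snprintf(out, n, "%s %s %s", hook, op, name);
}

/* Hardened form: refuse unsafe names, then fill an argv[] for execv() or
 * posix_spawn(), where each element stays one argument and no shell runs. */
static int build_hook_argv(const char *argv[5], const char *hook,
                           const char *op, const char *name, const char *ip)
{
    if (!name_is_safe(name))
        return -1;
    argv[0] = hook; argv[1] = op; argv[2] = name; argv[3] = ip; argv[4] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[5]; /* constructed sample values below */
    printf("%d\n", build_hook_argv(argv, "/usr/local/bin/hook", "add", "FILESRV01", "192.0.2.10"));
    printf("%d\n", build_hook_argv(argv, "/usr/local/bin/hook", "add", "PC;x", "192.0.2.10"));
    return 0;
}
```

With the string form, whatever the packet supplied ends up inside text that a shell parses; with the argv form, a rejected name never reaches the hook and an accepted one is passed as a single argument.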
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | samba | Not affected | | |
| Red Hat Enterprise Linux 6 | samba | Not affected | | |
| Red Hat Enterprise Linux 6 | samba4 | Not affected | | |
| Red Hat Enterprise Linux 7 | samba | Not affected | | |
| Red Hat Enterprise Linux 8 | samba | Not affected | | |
| Red Hat Enterprise Linux 9 | samba | Not affected | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
Status:
10 Critical
CVSS3
Related vulnerabilities
A vulnerability in the WINS name resolution server implementation of the Samba networking software suite that allows an attacker to execute arbitrary code
10 Critical
CVSS3