Launchpad CVE tracker

CVE 2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

Related bugs and status

CVE-2022-45141 (Candidate) is related to these bugs:

Bug #2003867: Samba user home path not accessible if directory added after %U - canonicalize_connect_path failed

Summary				In	Importance	Status
	2003867	Samba user home path not accessible if directory added after %U - canonicalize_connect_path failed		samba (Ubuntu)	Critical	Fix Released

Bug #2003891: Can not authenticate on Windows after upgrading samba AD packages to version 2:4.13.17~dfsg-0ubuntu1.20.04.4

Summary				In	Importance	Status
	2003891	Can not authenticate on Windows after upgrading samba AD packages to version 2:4.13.17~dfsg-0ubuntu1.20.04.4		samba (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-45141

References