Vulnerability Description
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 4.0.0, < 4.13.17 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2022-0336Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2046134Issue TrackingThird Party Advisory
- https://bugzilla.samba.org/show_bug.cgi?id=14950Issue TrackingPatchVendor Advisory
- https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039PatchThird Party Advisory
- https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156bePatchThird Party Advisory
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-0336.htmlVendor Advisory
- https://access.redhat.com/security/cve/CVE-2022-0336Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2046134Issue TrackingThird Party Advisory
- https://bugzilla.samba.org/show_bug.cgi?id=14950Issue TrackingPatchVendor Advisory
- https://github.com/samba-team/samba/commit/1a5dc817c0c9379bbaab14c676681b42b0039PatchThird Party Advisory
- https://github.com/samba-team/samba/commit/c58ede44f382bd0125f761f0479c8d48156bePatchThird Party Advisory
- https://security.gentoo.org/glsa/202309-06
- https://www.samba.org/samba/security/CVE-2022-0336.htmlVendor Advisory
FAQ
What is CVE-2022-0336?
CVE-2022-0336 is a vulnerability with a CVSS score of 8.8 (HIGH). The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypas...
How severe is CVE-2022-0336?
CVE-2022-0336 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0336?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Fedoraproject Fedora.