Updated: 0001-01-01 00:00:00
Description:
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022, and per RFC 8429, rc4-hmac is assumed to be weak. Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96).
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | CRITICAL | 9.8 |

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | samba | 3.6.23 | 9.8 | CRITICAL | Not Vulnerable | | 2023-03-14 14:03:50 |
CentOS 8.4 ELS | samba | 4.13.3-5 | 9.8 | CRITICAL | Not Vulnerable | | 2023-03-14 08:50:13 |
CentOS 8.5 ELS | samba | 4.14.5-7 | 9.8 | CRITICAL | Not Vulnerable | | 2023-03-14 11:03:56 |
CloudLinux 6 ELS | samba | 3.6.23 | 9.8 | CRITICAL | Not Vulnerable | | 2023-03-14 14:03:50 |
Oracle Linux 6 ELS | samba | 3.6.23 | 9.8 | CRITICAL | Not Vulnerable | | 2023-03-14 14:03:50 |
Ubuntu 16.04 ELS | samba | 4.3.11 | 9.8 | CRITICAL | Released | CLSA-2023:1679000956 | 2023-03-16 21:02:33 |
Ubuntu 18.04 ELS | samba | 4.7.6 | 9.8 | CRITICAL | Needs Triage | | 2023-03-14 00:13:17 |