Joseph Sutton

**Name of the Vulnerable Software and Affected Versions** Samba Active Directory DCs (affected versions not specified) **Description** The issue is related to the use of the RC4-HMAC cryptographic algorithm in the implementation of the Heimdal Kerberos protocol in Samba. This can allow a remote attacker to execute arbitrary code. Vulnerable Samba Active Directory DCs will issue RC4-HMAC encrypted tickets despite the target server supporting better encryption, such as aes256-cts-hmac-sha1-96. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** The issue is related to errors during the authentication procedure in the Samba network file system. It allows a remote attacker to change the password of any user and gain full access to the account. Specifically, the Key Distribution Center (KDC) in Samba accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** The issue is related to a use-after-free problem in the Samba AD LDAP server, specifically in the AD DC database audit logging module. This module can access LDAP message values that have been freed by a preceding database module. The issue can be exploited when modifying certain privileged attributes, such as `userAccountControl`. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A flaw was found in Samba, where Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault. The vulnerability is related to errors in initializing the `count` variable in the `memcpy()` function. Exploitation of the vulnerability may allow a remote attacker to impact the confidentiality of protected information or cause a denial of service by sending specially crafted messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** A null pointer de-reference was found in the way Samba Kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the Samba server. The issue is related to errors in pointer dereferencing, allowing a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.