Bug 2154320 (CVE-2022-37967) - CVE-2022-37967 samba: Kerberos constrained delegation ticket forgery possible against Samba AD DC
Summary: CVE-2022-37967 samba: Kerberos constrained delegation ticket forgery possible...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-37967
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2154322 2154323 2154324 2154325 2154326 2154327 2154328 2154329 2154330 2154331 2154332
Blocks: 2154280
Reported: 2022-12-16 15:28 UTC by Marco Benatto
Modified: 2025-04-16 14:26 UTC (History)

Fixed In Version: samba 4.15.13, samba 4.16.8
Clone Of:
Environment:
Last Closed: 2022-12-16 18:48:16 UTC
Embargoed:

Description Marco Benatto 2022-12-16 15:28:27 UTC
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.

Comment 1 Marco Benatto 2022-12-16 15:29:27 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2154322]

Comment 5 Sandipan Roy 2025-04-16 14:26:50 UTC
The Samba package as shipped with Red Hat Enterprise Linux 6, 7, 8 and 9 is not affected by this issue as Red Hat doesn't provide the AD domain controller capability with it.