Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSamba
APPSamba< 4.15.134.16.0 – 4.16.8 (bez)
Powiązane podatności
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerabi...
Samba: RCE przez command injection w 'check password script' z podstawieniem %u
Samba: command injection w podsystemie drukowania przez podstawienie %J
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix do...
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1...