Buffer overflow vulnerability in Samba and MIT/Heimdal Kerberos

Corrective releases of Samba 4.17.3, 4.16.7 and 4.15.12 have been published, fixing a vulnerability (CVE-2022-42898) in the Kerberos libraries that leads to an integer overflow and to data being written outside the allocated buffer when processing PAC (Privilege Attribute Certificate) parameters sent by an authenticated user. Package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.

In addition to Samba, the problem is also present in the MIT Kerberos and Heimdal Kerberos packages. The Samba project's vulnerability report did not detail the threat, but the MIT Kerberos report indicated that the vulnerability could lead to remote code execution. Exploitation is only possible on 32-bit systems.

The problem affects configurations with a KDC (Key Distribution Center) or kadmind. In configurations without Active Directory, the vulnerability also manifests itself on Samba file servers using Kerberos. The cause is a bug in the krb5_parse_pac() function, which miscalculated the size of the buffer used when parsing PAC fields. On 32-bit systems, when processing a specially crafted PAC, this error could result in a 16-byte block supplied by the attacker being placed outside the allocated buffer.
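The size miscalculation described above, illustrated as an added C example (this is not Samba's or MIT Kerberos' code): a header length computed in wrapping 32-bit arithmetic, as it would be with a 32-bit size_t, next to a check that bounds the entry count before any multiplication. The layout is a simplified version of the MS-PAC PACTYPE / PAC_INFO_BUFFER header as I understand it, and both sample blobs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Simplified PAC header (assumed layout, little-endian):
 *   cBuffers (u32), Version (u32), then cBuffers entries of
 *   { ulType (u32), cbBufferSize (u32), Offset (u64) } = 16 bytes each. */
#define PACTYPE_LEN  8u
#define PAC_INFO_LEN 16u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) {
    return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32;
}

/* Weak pattern: header size computed in 32-bit arithmetic. A large count
 * wraps to a small value that then passes any "fits in the blob" test. */
uint32_t header_len_unchecked(uint32_t cbuffers) {
    return PACTYPE_LEN + cbuffers * PAC_INFO_LEN;   /* may wrap modulo 2^32 */
}

/* Hardened check: bound the count by division so the entry table is
 * proven to fit before the multiplication, then bound every buffer. */
bool pac_header_valid(const uint8_t *pac, size_t len) {
    if (len < PACTYPE_LEN) return false;
    uint32_t cbuffers = rd32(pac);
    if (cbuffers > (len - PACTYPE_LEN) / PAC_INFO_LEN) return false;
    size_t hdr = PACTYPE_LEN + (size_t)cbuffers * PAC_INFO_LEN; /* cannot wrap now */
    for (uint32_t i = 0; i < cbuffers; i++) {
        const uint8_t *e = pac + PACTYPE_LEN + (size_t)i * PAC_INFO_LEN;
        uint32_t size = rd32(e + 4);
        uint64_t off  = rd64(e + 8);
        /* each buffer must lie entirely after the header and inside the blob */
        if (off < hdr || off > len || size > len - off) return false;
    }
    return true;
}

/* Constructed sample: one 4-byte buffer at offset 24 in a 28-byte blob. */
const uint8_t pac_good[28] = {
    1,0,0,0,  0,0,0,0,            /* cBuffers = 1, Version = 0 */
    1,0,0,0,  4,0,0,0,  24,0,0,0,0,0,0,0, /* type 1, size 4, offset 24 */
    0xde,0xad,0xbe,0xef };
/* Constructed sample: same bytes, but cBuffers = 0x10000000, whose entry
 * table (0x100000000 bytes) wraps to 0 in 32-bit arithmetic. */
const uint8_t pac_wrap[28] = {
    0,0,0,0x10,  0,0,0,0,
    1,0,0,0,  4,0,0,0,  24,0,0,0,0,0,0,0,
    0xde,0xad,0xbe,0xef };
```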

Source: opennet.ru
