Litokollo tse lokisoang tsa Samba 4.17.3, 4.16.7 le 4.15.12 li phatlalalitsoe ka ho felisoa ha ts'oaetso (CVE-2022-42898) lilaebraring tsa Kerberos tse lebisang ho phallo e felletseng le ho ngola lintlha ho tsoa meeling ha ho sebetsoa PAC. (Privileged Attribute Certificate) e rometsoe ke mosebelisi ea netefalitsoeng. Phatlalatso ea lintlafatso tsa liphutheloana kabong e ka lateloa maqepheng: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.
Ntle le Samba, bothata bo boetse bo hlaha ka har'a liphutheloana tse nang le MIT Kerberos le Heimdal Kerberos. Tlaleho ea ts'oaetso e tsoang ho projeke ea Samba ha e qaqise tšokelo, empa tlaleho ea MIT Kerberos e re ho ba kotsing ho ka lebisa ts'ebetsong ea khoutu e hole. Tšebeliso ea ts'oaetso e ka etsahala feela lits'ebetsong tsa 32-bit.
Taba ena e ama litlhophiso le KDC (Key Distribution Centeror) kapa kadmind. Litlhophiso ntle le Active Directory, ts'oaetso e boetse e hlaha ho li-server tsa Samba tsa faele tse sebelisang Kerberos. Bothata bo bakoa ke phoso tšebetsong ea krb5_parse_pac(), ka lebaka leo boholo ba "buffer" bo sebelisitsoeng ha ho arola likarolo tsa PAC bo baloe ka phoso. Litsamaisong tsa 32-bit, ha ho sebetsoa li-PAC tse etselitsoeng ka ho khetheha, phoso e ka lebisa ho beheng block ea 16-byte e rometsoeng ke mohlaseli kantle ho buffer e fanoeng.
Source: opennet.ru