Samba Patches Potential DoS and Remote Code Execution Vulnerability


Samba has released patches for an integer overflow flaw that could lead to arbitrary code execution. Samba is an open source Active Directory Domain Controller (AD DC) for Linux and Unix systems that implements the Server Message Block (SMB) protocol. The newly fixed flaw, tracked as CVE-2022-42898, affects several Samba releases and lies in the Service for User to Proxy (S4U2proxy) handler, which provides “a service that obtains a service ticket to another service on behalf of a user.” This feature, also known as “constrained delegation,” relies on the request and response messages exchanged with the Kerberos ticket-granting service (TGS). Samba’s Kerberos Key Distribution Center (KDC) is supported by both the Heimdal and the MIT Kerberos libraries.
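The article names the bug class (an integer overflow that turns into memory corruption) without showing how such a flaw arises. The following is an added, constructed illustration of that class in C; it is not Samba code and does not reproduce the CVE-2022-42898 defect. It assumes a parser that reads a 32-bit entry count from untrusted input and multiplies it by a fixed entry size to decide whether the entries fit in a buffer (`ENTRY_SIZE`, `unsafe_entries_fit` and `safe_entries_fit` are hypothetical names). The unsafe version lets the product wrap in 32-bit arithmetic, so an enormous count passes the size check with a tiny computed length; the hardened version rejects any count whose byte length cannot be represented and compares in a width that cannot wrap.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed illustration, not Samba code: each entry in the input
 * occupies a fixed 16 bytes, and the count field is attacker-controlled. */
#define ENTRY_SIZE 16u

/* Unsafe: count * ENTRY_SIZE is computed in uint32_t and silently wraps,
 * so a huge count can produce a small "needed" value that fits the buffer.
 * A caller that then iterates 'count' times reads or writes far past it. */
bool unsafe_entries_fit(uint32_t count, uint32_t buf_len) {
    uint32_t needed = count * ENTRY_SIZE;   /* may wrap around */
    return needed <= buf_len;
}

/* Hardened: reject any count whose byte length would overflow 32 bits,
 * then do the comparison in 64-bit arithmetic where it cannot wrap. */
bool safe_entries_fit(uint32_t count, uint32_t buf_len) {
    if (count > UINT32_MAX / ENTRY_SIZE)
        return false;                        /* product would overflow */
    uint64_t needed = (uint64_t)count * ENTRY_SIZE;
    return needed <= buf_len;
}

int main(void) {
    uint32_t buf_len = 64;
    /* 0x10000001 * 16 = 0x100000010, which wraps to 16 in uint32_t. */
    uint32_t huge = 0x10000001u;

    printf("unsafe check accepts huge count: %s\n",
           unsafe_entries_fit(huge, buf_len) ? "yes (bug)" : "no");
    printf("safe   check accepts huge count: %s\n",
           safe_entries_fit(huge, buf_len) ? "yes" : "no (rejected)");
    printf("safe   check accepts 4 entries : %s\n",
           safe_entries_fit(4, buf_len) ? "yes" : "no");
    return 0;
}
```

The overflow-check idiom (`count > UINT32_MAX / ENTRY_SIZE` before multiplying) is the general fix for length-times-count computations on untrusted input; it is especially relevant on 32-bit builds, where `size_t` offers no extra headroom over the 32-bit count field.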

