Samba Patches Vulnerability That Can Lead to DoS, Remote Code Execution


This week, Samba published fixes for an integer overflow flaw that might result in arbitrary code execution. Samba is an open source Active Directory Domain Controller for Linux and Unix systems that implements the Server Message Blockprotocol.

The newly fixed security flaw, identified as CVE-2022-42898, affects several Samba releases and is included in the Service for User to Proxy (S4U2proxy) handler, which offers “a service that acquires a service ticket to another service on behalf of a user.”

Read More…