Critical Vulnerability Discovered in Samba Active Directory (AD) System
A critical vulnerability has been discovered in the Samba Active Directory (AD) system. This vulnerability could allow attackers to escalate privileges within the system and potentially take control of the entire domain.
The vulnerability, tracked as CVE-2023-3961, affects Samba versions 4.13.0 and later when used as an Active Directory Domain Controller. The risk level of the vulnerability is rated 7.5 on the CVSS v3 scale, which indicates a serious threat.
Cause of the Vulnerability
The vulnerability arises from incorrect handling of access controls when creating new objects in the Samba system. If administrators are granted special rights to create objects, they can also modify security-related attributes of those objects.
If an attacker has special rights within the system, they can alter the security attributes of newly created objects and so escalate their privileges. This happens because administrators are automatically treated as the “creator owner” of an object at the time it is created, which grants them additional rights over it.
Risks of Exploiting the Vulnerability
If an attacker exploits this vulnerability, they could escalate their privileges and gain access to the entire Active Directory system. This poses a significant risk, especially for organizations.
Updates to Address the Vulnerability
The Samba team has released updates to address the vulnerability:
- Samba 4.18.3
- Samba 4.17.9
- Samba 4.16.13
Administrators are strongly urged to install these updates as soon as possible.
Recommendations if Immediate Update Is Not Possible
If an immediate update cannot be installed, administrators are advised to:
- Closely monitor delegated administrator accounts and restrict their access.
- Apply the principle of least privilege.
- Regularly audit Active Directory permissions.
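As a starting point for the permission audit recommended above, the following added example (not code from the Samba project or from the original advisory) lists every allow ACE that lets a trustee outside an expected baseline create child objects under a container, which is the delegated right the vulnerability builds on. It assumes the SDDL form of each container's nTSecurityDescriptor has already been exported; the DNs, SID, SDDL strings and the baseline set are constructed sample values, and the function names are hypothetical.

```python
import re

# Assumption: trustees expected to hold create rights (SDDL aliases for Domain Admins,
# Enterprise Admins, Local System, Builtin Administrators). Adjust to your own baseline.
BASELINE = {"DA", "EA", "SY", "BA"}
CREATE_CHILD, GENERIC_ALL = 0x1, 0x10000000  # access-mask bits behind SDDL "CC" and "GA"

def grants_create(rights):
    """True if an SDDL rights field (letter codes or hex mask) allows creating child objects."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (CREATE_CHILD | GENERIC_ALL))
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}  # two-letter codes, not substrings
    return bool(codes & {"CC", "GA"})

def audit_create_rights(dn, sddl):
    """Return (dn, trustee, object_class_guid, inherited_by_children) for each allow ACE
    that lets a non-baseline trustee create objects under dn."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)  # DACL only, stops before the SACL
    findings = []
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip it
        ace_type, flags, rights, obj_guid, _, trustee = fields[:6]
        if ace_type in ("A", "OA") and grants_create(rights) and trustee not in BASELINE:
            findings.append((dn, trustee, obj_guid or "any class", "CI" in flags))
    return findings

# Constructed sample input: DN -> nTSecurityDescriptor in SDDL form.
SAMPLE = {
    "OU=Staff,DC=example,DC=test":
        "O:DAG:DAD:AI(A;;GA;;;DA)(OA;CI;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;"
        "S-1-5-21-1111111111-2222222222-3333333333-1105)(A;;RPLCLORC;;;AU)",
    "OU=Servers,DC=example,DC=test":
        "O:DAG:DAD:AI(A;;GA;;;DA)(A;CIID;0x000f01ff;;;AO)S:AI(AU;SA;CC;;;WD)",
}

if __name__ == "__main__":
    for dn, sddl in SAMPLE.items():
        for finding in audit_create_rights(dn, sddl):
            print(finding)
```

Each finding is a delegation to review against the principle of least privilege: confirm that the trustee still needs the right and that the scope (object class, inheritance) is as narrow as intended.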
Important Notes
- This vulnerability is dangerous only when Samba is used as an Active Directory Domain Controller.
- Samba file servers and domain member servers are not affected by this vulnerability.
- Some Linux distributions, such as Red Hat Enterprise Linux, are unaffected as they use Samba only as a file server.
Conclusion
The risk of privilege escalation in Samba AD is a serious issue. If you are using Samba AD, address this vulnerability immediately. Updating your system, controlling access, and performing regular security audits are important steps to protect your infrastructure.