Open-E Knowledgebase

[JDSS] [DSS V7] Open-E Samba CVE-2022-0336

Article ID: 3311
Last updated: 23 Mar, 2022

Additional information:

  • product name: JovianDSS / DSS V7
  • product version: all
  • build: all

Description:

The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain.

An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
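
An audit for the condition the SPN checks are meant to prevent, as an added example (not Open-E or Samba code): it scans an LDIF-style export for SPNs held by more than one account. The sample entries and function names are constructed for illustration, and only exact, case-insensitive SPN matches are compared.

```python
import re
from collections import defaultdict

# Constructed sample: LDIF-style export of accounts and their SPNs (not real data).
SAMPLE_LDIF = """\
dn: CN=FILESRV1,CN=Computers,DC=example,DC=test
sAMAccountName: FILESRV1$
servicePrincipalName: HOST/filesrv1.example.test
servicePrincipalName: cifs/filesrv1.example.test

dn: CN=WKSTN7,CN=Computers,DC=example,DC=test
sAMAccountName: WKSTN7$
servicePrincipalName: HOST/wkstn7.example.test
servicePrincipalName: CIFS/FILESRV1.example.test

dn: CN=svc-web,CN=Users,DC=example,DC=test
sAMAccountName: svc-web
servicePrincipalName: HTTP/intranet.example.test
"""

def parse_entries(ldif_text):
    """Yield (dn, [spn, ...]) per entry; entries are separated by blank lines.
    Assumes unfolded lines; base64 ('attr:: value') values are skipped."""
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, spns = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):
                continue  # base64-encoded value, not handled in this example
            attr, value = attr.strip().lower(), value.strip()
            if attr == "dn":
                dn = value
            elif attr == "serviceprincipalname":
                spns.append(value)
        if dn:
            yield dn, spns

def find_duplicate_spns(ldif_text):
    """Return {lowercased_spn: sorted [dn, ...]} for SPNs on more than one account."""
    owners = defaultdict(set)
    for dn, spns in parse_entries(ldif_text):
        for spn in spns:
            owners[spn.lower()].add(dn)  # compare SPNs case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_LDIF).items():
        print(f"duplicate SPN {spn}: " + "; ".join(dns))
```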


Explanation:

This vulnerability does not apply to JovianDSS or DSS V7, as both systems act only as clients and not as Active Directory domain controllers.



Revision: 1
Posted: 23 Mar, 2022 by Stolarczyk M.
Updated: 23 Mar, 2022 by Stolarczyk M.
Tags
samba vulnerabilities

The Knowledge base is managed by Open-E data storage software company.