Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Samba 竞争条件问题漏洞
Vulnerability Description
Samba是用于 Linux 和 Unix 的标准 Windows 互操作性程序套件。 Samba存在竞争条件问题漏洞,该漏洞源于在作为 Active Directory 域控制器的 Samba 实现基于 Kerberos 名称的身份验证的方式中发现了一个缺陷。如果 Samba AD DC 不严格要求 Kerberos PAC 并始终使用其中找到的 SID,则它可能会对票证代表的用户感到困惑。结果可能包括整个域的妥协。
CVSS Information
N/A
Vulnerability Type
N/A