A double-free was found when Samba's KDC is used as an Active Directory Domain Controller. An authenticated attacker could use this flaw to cause a denial of service (application crash).
Find out more about CVE-2018-16841 from the MITRE CVE dictionary dictionary and NIST NVD.
This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.7 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | samba | Not affected |
| Red Hat Gluster Storage 3 | samba | Not affected |
| Red Hat Enterprise Linux 7 | samba | Not affected |
| Red Hat Enterprise Linux 6 | samba4 | Not affected |
Vulmon