CVSSv3: 5.9

CVE-2018-16853

Published: 28/11/2018 Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector (CVSS v2): AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarifies that the MIT Kerberos build of the Samba AD DC is considered experimental; therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.

Vulnerable Product

samba samba

Vendor Advisories

Samba versions 4.7 and later, built with MIT Kerberos support, are vulnerable to a crash via the S4U2self extension. A user in a Samba Active Directory domain can crash the KDC when Samba is built in the non-default MIT Kerberos configuration ...

A denial of service has been found in samba from 4.7.0 up to and including 4.9.2, where a user in a Samba AD domain can crash the MIT KDC by requesting an S4U2Self ticket. This only happens if Samba is built in an experimental and unsupported MIT Kerberos configuration ...