#VU18438 Improper Authentication in Samba - CVE-2018-16860


Vulnerability identifier: #VU18438

Vulnerability risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-16860

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote authenticated user to compromise vulnerable domain.

The vulnerability exists due to an error within the process of obtaining kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) that involves S4U2Self and S4U2Proxy extensions. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable Active Directory implementation.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.0.0 - 4.0.26, 4.1.0 - 4.10.2, 4.2.0 - 4.2.14, 4.3.0 - 4.3.13, 4.4.0 rc4 - 4.4.16, 4.5.0 - 4.5.16, 4.6.0 - 4.6.16, 4.7.0 - 4.7.12, 4.8.0 - 4.8.11, 4.9.0 - 4.9.8

External links
https://www.samba.org/samba/security/CVE-2018-16860.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in cflinuxfs3
Ubuntu update for heimdal
Improper Authentication in firefox-esr (Alpine package)
Gentoo update for Samba
OpenSUSE Linux update for libheimdal
OpenSUSE Linux update for libheimdal
OpenSUSE Linux update for libheimdal
Improper Authentication in heimdal (Alpine package)
Improper Authentication in samba (Alpine package)
Ubuntu update for Samba