Vulnerability identifier: #VU6628
Vulnerability risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Samba
Server applications /
Directory software, identity management
Vendor: Samba
Description
The vulnerability allows a remote attacker on the local network to bypass Kerberos authentication.
The vulnerability exists due to design error when implementing Kerberos authentication. An attacker with access to local network can place a fake Samba server, intercept a valid general purpose Kerberos "Ticket Granting Ticket" (TGT) and fully impersonate the authenticated user or service.
Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain access to otherwise restricted resources and services.
Mitigation
The vulnerability is patched in versions 4.5.3, 4.4.8 and 4.3.13.
Vulnerable software versions
Samba: 3.0.25c - 3.0.37, 3.1.0, 3.2.0 - 3.2.15, 3.3.0 - 3.3.16, 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.25, 4.0.0 - 4.0.26, 4.1.0 - 4.1.23, 4.2.0 - 4.2.14, 4.3.0 - 4.3.12, 4.4.0 rc4 - 4.4.13, 4.5.0 - 4.5.2
External links
https://www.samba.org/samba/security/CVE-2016-2125.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.