User Privilege Vulnerability in Samba Products by Samba Team
CVE-2018-16853

7.5HIGH

Key Information:

Vendor: [unknown]
Status: Samba
Vendor: CVE Published:; 28 November 2018

What is CVE-2018-16853?

A serious vulnerability has been identified in Samba versions starting from 4.7.0, allowing users in an Active Directory (AD) domain to crash the Key Distribution Center (KDC) if Samba is built using the non-default MIT Kerberos configuration. The Samba Team has labeled this configuration as experimental and will not provide patches for security issues arising from its use. Therefore, it is essential for users to avoid using the AD DC with MIT Kerberos unless explicitly specified during configuration. Security releases have been issued to mitigate potential risks associated with this issue.

Affected Version(s)

samba 4.7.12

samba 4.8.7

samba 4.9.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853

x_refsource_CONFIRM

https://www.samba.org/samba/security/CVE-2018-16853.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106026

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2018
Vulnerability Reserved
Sep 11, 2018

CVE-2018-16853 Data

JSON

[unknown]

What is CVE-2018-16853?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline