CVE-2018-1139

Published: 14 August 2018

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

Priority

Medium

CVSS 3 base score: 8.1

Status

Notes

4.7.0 to 4.8.3 only

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139
• https://www.samba.org/samba/security/CVE-2018-1139.html
• https://ubuntu.com/security/notices/USN-3738-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.samba.org/show_bug.cgi?id=13360