Your submission was sent successfully! Close

CVE-2018-16841

Published: 27 November 2018

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
Upstream
Released (4.7.12,4.8.7,4.9.3)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.5)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:4.3.11+dfsg-0ubuntu0.16.04.18)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:4.3.11+dfsg-0ubuntu0.14.04.19)