Your submission was sent successfully! Close

CVE-2018-16860

Published: 14 May 2019

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.10)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:4.3.11+dfsg-0ubuntu0.16.04.20)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm1)