SB2018081448 - Weak encryption in samba (Alpine package)
Published: August 14, 2018
Description
This security bulletin contains information about 1 vulnerability.
1) Weak encryption (CVE-ID: CVE-2018-1139)
CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error that allows the NTLMv1 encryption protocol to be used over the SMB1 transport, even when NTLMv1 is explicitly disabled.
Remediation
Install the update from the vendor's website.
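To find hosts whose configuration depends on the setting this bulletin says is not enforced, the following added example (not part of the bulletin and not Samba's code) reads an smb.conf and reports whether NTLMv1 is disabled while SMB1 is still offered. The defaults used for unset parameters and the `prioritise_update` flag are assumptions of this example; the sample configuration is constructed.

```python
import re

# Dialects that belong to SMB1 in Samba's "server min protocol" value list.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# "ntlm auth" values under which the administrator has turned NTLMv1 off.
NTLMV1_OFF = {"no", "false", "0", "ntlmv2-only", "mschapv2-and-ntlmv2-only", "disabled"}
# Assumption: values used when a parameter is absent. Built-in defaults differ
# between Samba releases, so confirm them on the host with `testparm -sv`.
ASSUMED_DEFAULTS = {"ntlmauth": "ntlmv2-only", "serverminprotocol": "LANMAN1"}

def global_params(conf_text):
    """Return [global] parameters; names are matched ignoring case and spaces."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(conf_text):
    """Report whether NTLMv1 is disabled while SMB1 is still offered."""
    p = global_params(conf_text)
    ntlm = p.get("ntlmauth", ASSUMED_DEFAULTS["ntlmauth"]).lower()
    # "min protocol" is a synonym of "server min protocol".
    min_proto = p.get("serverminprotocol",
                      p.get("minprotocol", ASSUMED_DEFAULTS["serverminprotocol"])).upper()
    ntlmv1_disabled = ntlm in NTLMV1_OFF
    smb1_offered = min_proto in SMB1_DIALECTS
    return {"ntlmv1_disabled": ntlmv1_disabled,
            "smb1_offered": smb1_offered,
            "prioritise_update": ntlmv1_disabled and smb1_offered}

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    ntlm auth = ntlmv2-only
    server min protocol = NT1
[share]
    path = /srv/share
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```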