Ubuntu update for Samba

Published: 2019-05-14 | Updated: 2019-05-14
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-16860
CWE ID CWE-287
Exploitation vector Local network
Public exploit N/A
Vulnerable software samba (Ubuntu package) Subscribe
Vendor Canonical Ltd.

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Improper Authentication

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-16860

CWE-ID: CWE-287 - Improper Authentication

Description

The vulnerability allows a remote authenticated user to compromise vulnerable domain.

The vulnerability exists due to an error within the process of obtaining kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) that involves S4U2Self and S4U2Proxy extensions. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable Active Directory implementation.

Mitigation

Update the affected packages.

Ubuntu 19.04
samba - 2:4.10.0+dfsg-0ubuntu2.1
Ubuntu 18.10
samba - 2:4.8.4+dfsg-2ubuntu2.4
Ubuntu 18.04 LTS
samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10
Ubuntu 16.04 LTS
samba - 2:4.3.11+dfsg-0ubuntu0.16.04.20

Vulnerable software versions

samba (Ubuntu package): 2:4.3.11+dfsg-0ubuntu0.14.04.1, 2:4.3.11+dfsg-0ubuntu0.14.04.2, 2:4.3.11+dfsg-0ubuntu0.14.04.3, 2:4.3.11+dfsg-0ubuntu0.14.04.4, 2:4.3.11+dfsg-0ubuntu0.14.04.6, 2:4.3.11+dfsg-0ubuntu0.14.04.7, 2:4.3.11+dfsg-0ubuntu0.14.04.8, 2:4.3.11+dfsg-0ubuntu0.14.04.9, 2:4.3.11+dfsg-0ubuntu0.14.04.10, 2:4.3.11+dfsg-0ubuntu0.14.04.11, 2:4.3.11+dfsg-0ubuntu0.14.04.12, 2:4.3.11+dfsg-0ubuntu0.14.04.13, 2:4.3.11+dfsg-0ubuntu0.14.04.14, 2:4.3.11+dfsg-0ubuntu0.14.04.16, 2:4.3.11+dfsg-0ubuntu0.14.04.17, 2:4.3.11+dfsg-0ubuntu0.14.04.18, 2:4.3.11+dfsg-0ubuntu0.14.04.19, 2:4.3.11+dfsg-0ubuntu0.14.04.20, 2:4.3.11+dfsg-0ubuntu0.16.04.1, 2:4.3.11+dfsg-0ubuntu0.16.04.2, 2:4.3.11+dfsg-0ubuntu0.16.04.3, 2:4.3.11+dfsg-0ubuntu0.16.04.5, 2:4.3.11+dfsg-0ubuntu0.16.04.6, 2:4.3.11+dfsg-0ubuntu0.16.04.7, 2:4.3.11+dfsg-0ubuntu0.16.04.8, 2:4.3.11+dfsg-0ubuntu0.16.04.9, 2:4.3.11+dfsg-0ubuntu0.16.04.10, 2:4.3.11+dfsg-0ubuntu0.16.04.11, 2:4.3.11+dfsg-0ubuntu0.16.04.12, 2:4.3.11+dfsg-0ubuntu0.16.04.13, 2:4.3.11+dfsg-0ubuntu0.16.04.15, 2:4.3.11+dfsg-0ubuntu0.16.04.16, 2:4.3.11+dfsg-0ubuntu0.16.04.17, 2:4.3.11+dfsg-0ubuntu0.16.04.18, 2:4.3.11+dfsg-0ubuntu0.16.04.19, 2:4.7.6+dfsg~ubuntu-0ubuntu1, 2:4.7.6+dfsg~ubuntu-0ubuntu2, 2:4.7.6+dfsg~ubuntu-0ubuntu2.2, 2:4.7.6+dfsg~ubuntu-0ubuntu2.3, 2:4.7.6+dfsg~ubuntu-0ubuntu2.4, 2:4.7.6+dfsg~ubuntu-0ubuntu2.5, 2:4.7.6+dfsg~ubuntu-0ubuntu2.6, 2:4.7.6+dfsg~ubuntu-0ubuntu2.7, 2:4.7.6+dfsg~ubuntu-0ubuntu2.8, 2:4.7.6+dfsg~ubuntu-0ubuntu2.9, 2:4.7.6+dfsg~ubuntu-0ubuntu3, 2:4.8.4+dfsg-1, 2:4.8.4+dfsg-2, 2:4.8.4+dfsg-2ubuntu1, 2:4.8.4+dfsg-2ubuntu2, 2:4.8.4+dfsg-2ubuntu2.1, 2:4.8.4+dfsg-2ubuntu2.2, 2:4.8.4+dfsg-2ubuntu2.3, 2:4.8.4+dfsg-2ubuntu3, 2:4.10.0+dfsg-0ubuntu1, 2:4.10.0+dfsg-0ubuntu2

CPE External links

https://usn.ubuntu.com/3976-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.