Ubuntu update for Samba

Published: 2019-05-14 15:26:03 | Updated: 2019-05-14
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-16860
CVSSv3: 6.5 [CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-287
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: samba (Ubuntu package)
Vulnerable software versions:
samba (Ubuntu package) 2:4.10.0+dfsg-0ubuntu2
samba (Ubuntu package) 2:4.8.4+dfsg-2ubuntu2.3
samba (Ubuntu package) 2:4.8.4+dfsg-2ubuntu2.2


Vendor URL: Canonical Ltd.

Security Advisory

1) Improper Authentication

Description

The vulnerability allows a remote authenticated user to compromise a vulnerable domain.

The vulnerability exists due to an error in the process of obtaining a Kerberos ticket for a service from the Kerberos Key Distribution Center (KDC) when the S4U2Self and S4U2Proxy extensions are involved. A remote authenticated user can impersonate another service on the network and obtain elevated privileges within the domain.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable Active Directory implementation.

Remediation

Update the affected packages.

Ubuntu 19.04
samba - 2:4.10.0+dfsg-0ubuntu2.1
Ubuntu 18.10
samba - 2:4.8.4+dfsg-2ubuntu2.4
Ubuntu 18.04 LTS
samba - 2:4.7.6+dfsg~ubuntu-0ubuntu2.10
Ubuntu 16.04 LTS
samba - 2:4.3.11+dfsg-0ubuntu0.16.04.20

External links

https://usn.ubuntu.com/3976-1/
