Weak encryption in Samba - CVE-2018-1139

 


Published: August 14, 2018


Vulnerability identifier: #VU14336
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1139
CWE-ID: CWE-327
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Samba
Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error that allows use of the NTLMv1 encryption protocol over the SMB1 transport, even when NTLMv1 is explicitly disabled.


How to mitigate CVE-2018-1139

Update to version 4.7.9 or 4.8.4.
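An audit sketch for the condition described above, added here as an example (it is not code from this advisory or from the Samba project): it reports whether a host runs a release older than the fixed versions named above while its smb.conf disables NTLMv1 yet still serves SMB1. The function names, the sample configuration and the defaults applied when a setting is absent (`ntlm auth = ntlmv2-only`, `server min protocol = LANMAN1`) are assumptions for the 4.7/4.8 series; branches the advisory does not name are reported as `unknown`.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(4, 7): 9, (4, 8): 4}
# Dialect names that smb.conf treats as SMB1 or older.
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}

def patch_status(version):
    """'fixed', 'unfixed', or 'unknown' when the advisory does not name the branch."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    fixed_patch = FIXED.get((int(m[1]), int(m[2]))) if m else None
    if fixed_patch is None:
        return "unknown"
    return "fixed" if int(m[3]) >= fixed_patch else "unfixed"

def global_settings(conf_text):
    """Collect key = value pairs from the [global] section (includes are not followed)."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings[" ".join(key.lower().split())] = value.strip().lower()
    return settings

def audit(version, conf_text):
    """Flag an unfixed smbd where NTLMv1 is disabled in config but SMB1 is still served."""
    s = global_settings(conf_text)
    # Assumed defaults for the 4.7/4.8 series: NTLMv1 off, SMB1 dialects allowed.
    ntlm = s.get("ntlm auth", "ntlmv2-only")
    min_proto = s.get("server min protocol", s.get("min protocol", "lanman1"))
    result = {
        "patch": patch_status(version),
        "ntlmv1_disabled": ntlm not in ("yes", "ntlmv1-permitted"),
        "smb1_allowed": min_proto in SMB1_DIALECTS,
    }
    result["exposed"] = (result["patch"] == "unfixed"
                         and result["ntlmv1_disabled"] and result["smb1_allowed"])
    return result

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "[global]\nntlm auth = ntlmv2-only\nserver min protocol = NT1\n[public]\npath = /srv/public\n"
```

Distribution packages may backport the fix without changing the upstream version string, so treat an `unfixed` result as a prompt to check the vendor changelog.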

Sources