#VU14336 Weak encryption in Samba - CVE-2018-1139
Published: August 14, 2018
Vulnerability identifier: #VU14336
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1139
CWE-ID: CWE-327
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Samba
Software vendor:
Samba
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error that allows use of the NTLMv1 encryption protocol over the SMB1 transport, even when NTLMv1 is explicitly disabled.
Remediation
Update to version 4.7.9 or 4.8.4.
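
An added example, not part of the advisory or of Samba's code: a Python audit that takes a host's Samba version and smb.conf text and reports whether it matches the condition described above (NTLMv1 configured off, SMB1 still allowed, version older than the fixed release on its branch). The status strings, `SAMPLE_CONF` and the handling of unset parameters are assumptions of this example; `ntlm auth` and `server min protocol` are Samba's smb.conf parameter names.

```python
import re

# Fixed releases from the advisory, keyed by release branch.
FIXED = {(4, 7): (4, 7, 9), (4, 8): (4, 8, 4)}
# "server min protocol" values that still admit SMB1-era dialects.
SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# "ntlm auth" values that are meant to refuse NTLMv1.
NTLMV1_REFUSED = {"ntlmv2-only", "no", "mschapv2-and-ntlmv2-only", "disabled"}
# Constructed sample smb.conf (not taken from the advisory).
SAMPLE_CONF = """[global]
    ntlm auth = ntlmv2-only
    server min protocol = NT1
"""

def parse_global(conf_text):
    """Collect [global] parameters from smb.conf text (names lowercased)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def below_fix(version):
    """True/False on the 4.7 and 4.8 branches, None for branches the advisory does not name."""
    v = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    fix = FIXED.get(v[:2])
    return None if fix is None else v < fix

def audit(version, conf_text):
    g = parse_global(conf_text)
    # Assumption: an unset "ntlm auth" means ntlmv2-only (Samba's documented default).
    ntlm = g.get("ntlm auth", "ntlmv2-only").lower()
    # Assumption: an unset minimum protocol is treated as "SMB1 allowed" (conservative).
    min_proto = g.get("server min protocol", g.get("min protocol", "NT1")).upper()
    if ntlm not in NTLMV1_REFUSED:
        return "ntlmv1-permitted-by-config"
    unpatched = below_fix(version)
    if unpatched is None:
        return "branch-not-covered"
    if unpatched and min_proto in SMB1_LEVELS:
        return "ntlmv1-setting-not-enforced-over-smb1"
    return "update-required" if unpatched else "fixed"
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an `update-required` result against the package changelog.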