CVE-2018-16841

2018-11-2700:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.7%

JSON

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are
vulnerable to a denial of service. When configured to accept smart-card
authentication, Samba’s KDC will call talloc_free() twice on the same
memory if the principal in a validly signed certificate does not match the
principal in the AS-REQ. This is only possible after authentication with a
trusted certificate. talloc is robust against further corruption from a
double-free with talloc_free() and directly calls abort(), terminating the
KDC process.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=13628>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsamba< 2:4.7.6+dfsg~ubuntu-0ubuntu2.5UNKNOWN
ubuntu18.10noarchsamba< 2:4.8.4+dfsg-2ubuntu2.1UNKNOWN
ubuntu14.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.14.04.19UNKNOWN
ubuntu16.04noarchsamba< 2:4.3.11+dfsg-0ubuntu0.16.04.18UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	samba	< 2:4.7.6+dfsg~ubuntu-0ubuntu2.5	UNKNOWN
ubuntu	18.10	noarch	samba	< 2:4.8.4+dfsg-2ubuntu2.1	UNKNOWN
ubuntu	14.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.14.04.19	UNKNOWN
ubuntu	16.04	noarch	samba	< 2:4.3.11+dfsg-0ubuntu0.16.04.18	UNKNOWN