CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
92.2%
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba
AD domain to crash the KDC when Samba is built in the non-default MIT
Kerberos configuration. With this advisory the Samba Team clarify that the
MIT Kerberos build of the Samba AD DC is considered experimental. Therefore
the Samba Team will not issue security patches for this configuration.
Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security
releases to prevent building of the AD DC with MIT Kerberos unless
–with-experimental-mit-ad-dc is specified to the configure command.
Author | Note |
---|---|
mdeslaur | Ubuntu package is not built with MIT Kerberos |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
92.2%