Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-16860

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
MISC: https://www.samba.org/...
BUGTRAQ: 20190814 APPLE-SA-2019...
BUGTRAQ: 20190814 APPLE-SA-2019...
BUGTRAQ: 20190814 APPLE-SA-2019...
BUGTRAQ: 20190814 APPLE-SA-2019...
SUSE: openSUSE-SU-2019:1888
FULLDISC: 20190816 APPLE-SA-2019...
FULLDISC: 20190816 APPLE-SA-2019...
FULLDISC: 20190816 APPLE-SA-2019...
FULLDISC: 20190816 APPLE-SA-2019...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://www.synology.c...
GENTOO: GLSA-202003-52

Launchpad.net

CVE 2018-16860

Related bugs

References