7.5

CVE-2018-16853

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.7.0 < 4.7.12
SambaSamba Version >= 4.8.0 < 4.8.7
SambaSamba Version >= 4.9.0 < 4.9.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.08% 0.86
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20181127-0001/
Third Party Advisory
http://www.securityfocus.com/bid/106026
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853
Third Party Advisory
Issue Tracking
https://www.samba.org/samba/security/CVE-2018-16853.html
Vendor Advisory