CVE-2018-16857

EPSS 2.6%
Published 28.11.2018 14:29:00
Last modified 21.11.2024 03:53:27
Source secalert@redhat.com
Teams watchlist Login
Open Login

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 4.9.0 < 4.9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.6%	0.851

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
secalert@redhat.com	7.4	2.2	5.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

https://security.gentoo.org/glsa/202003-52

https://security.netapp.com/advisory/ntap-20181127-0001/

Third Party Advisory

http://www.securityfocus.com/bid/106024

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857

Third Party Advisory

Issue Tracking

Mitigation

https://www.samba.org/samba/security/CVE-2018-16857.html

Patch