FKIE_CVE-2018-16860

Vulnerability from fkie_nvd - Published: 2019-07-31 15:15 - Updated: 2024-11-21 03:53
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Aug/11
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Aug/13
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Aug/14
secalert@redhat.comhttp://seclists.org/fulldisclosure/2019/Aug/15
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Aug/21
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Aug/22
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Aug/23
secalert@redhat.comhttps://seclists.org/bugtraq/2019/Aug/25
secalert@redhat.comhttps://security.gentoo.org/glsa/202003-52
secalert@redhat.comhttps://support.apple.com/HT210346
secalert@redhat.comhttps://support.apple.com/HT210348
secalert@redhat.comhttps://support.apple.com/HT210351
secalert@redhat.comhttps://support.apple.com/HT210353
secalert@redhat.comhttps://www.samba.org/samba/security/CVE-2018-16860.htmlMitigation, Vendor Advisory
secalert@redhat.comhttps://www.synology.com/security/advisory/Synology_SA_19_23
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/11
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/13
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/14
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/15
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/21
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/22
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/23
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/25
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202003-52
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT210346
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT210348
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT210351
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT210353
af854a3a-2127-422b-91ae-364da2661108https://www.samba.org/samba/security/CVE-2018-16860.htmlMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_19_23
Impacted products
Vendor Product Version
samba samba *
samba samba *
samba samba *
heimdal_project heimdal *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E9BEFE-FF93-4C6F-B76D-6B8CFE1E5BDD",
              "versionEndExcluding": "4.8.12",
              "versionStartIncluding": "4.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35DB3E08-0131-4AF2-AB27-D51B401D7D45",
              "versionEndExcluding": "4.9.8",
              "versionStartIncluding": "4.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "895BEC8B-ADBC-4575-B07E-3149A613C4ED",
              "versionEndExcluding": "4.10.3",
              "versionStartIncluding": "4.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "683A4E25-64AF-46AC-BAA8-E56BD9C9840F",
              "versionEndIncluding": "7.5.0",
              "versionStartIncluding": "0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in samba\u0027s Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en la implementaci\u00f3n de Heimdal KDC de samba, versiones 4.8.x hasta 4.8.12 excluy\u00e9ndola, versiones 4.9.x hasta 4.9.8 excluy\u00e9ndola, y versiones 4.10.x hasta 4.10.3 excluy\u00e9ndola, cuando es usado en modo AD DC . Un atacante de tipo man in the middle podr\u00eda usar este fallo para interceptar la petici\u00f3n al KDC y reemplazar el nombre de usuario (principal) en la petici\u00f3n con cualquier nombre de usuario (principal) deseado que exista en el KDC obteniendo efectivamente un ticket para este principal."
    }
  ],
  "id": "CVE-2018-16860",
  "lastModified": "2024-11-21T03:53:28.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-31T15:15:11.687",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Aug/21"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Aug/22"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Aug/23"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/Aug/25"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/202003-52"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT210346"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT210348"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT210351"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT210353"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Aug/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Aug/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Aug/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/Aug/25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202003-52"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT210346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT210348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT210351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT210353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2018-16860.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_23"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.