PT-2018-3374 · Samba Team+3 · Samba+2

Sam Fowler · Published 2018-08-22 · Updated 2024-06-15 · CVE-2018-16853

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Samba versions 4.7.0 through 4.9.3

Description: The issue is an uncontrolled consumption of system resources in the Samba AD DC component when Samba is built with the non-default MIT Kerberos configuration. A remote attacker can exploit it to cause a denial of service, specifically crashing the Key Distribution Center (KDC) of a Samba AD domain. The Samba Team considers the MIT Kerberos build of the Samba AD DC experimental and will not issue security patches for this configuration.

Recommendations: For Samba versions 4.7.0 through 4.9.3, to prevent the AD DC from being built with MIT Kerberos, it is recommended to specify --with-experimental-mit-ad-dc on the configure command line when building Samba. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2743
ALT-PU-2018-2744
ALT-PU-2018-2950
ALT-PU-2018-2951
BDU:2020-00696
CVE-2018-16853
ECHO-AD76-9B08-2235
OPENSUSE-SU-2024:11365-1
SUSE-SU-2018:4066-1

Affected Products

Alt Linux
Samba
Suse