CVE-2018-16860

Name of the Vulnerable Software and Affected Versions Samba versions 4.8.x up to, excluding 4.8.12 Samba versions 4.9.x up to, excluding 4.9.8 Samba versions 4.10.x up to, excluding 4.10.3

Description A flaw was found in Samba's Heimdal KDC implementation when used in AD DC mode, allowing a man-in-the-middle attacker to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC, effectively obtaining a ticket for that principal. The issue is related to improper checksum validation in the S4U2Self extension, which can allow attackers to elevate their privileges and access privileged resources.

Recommendations For Samba versions 4.8.x up to, excluding 4.8.12, update to version 4.8.12 or later to resolve the issue. For Samba versions 4.9.x up to, excluding 4.9.8, update to version 4.9.8 or later to resolve the issue. For Samba versions 4.10.x up to, excluding 4.10.3, update to version 4.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Heimdal KDC implementation to minimize the risk of exploitation.