National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2018-16853 Detail

Description

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.

Source:  MITRE
Description Last Modified:  11/28/2018

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securityfocus.com/bid/106026
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853
https://security.netapp.com/advisory/ntap-20181127-0001/
https://www.samba.org/samba/security/CVE-2018-16853.html

Technical Details

Vulnerability Type (View All)

Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2018-16853
NVD Published Date:
11/28/2018
NVD Last Modified:
11/29/2018