CVE-2018-1139 — Improper Input Validation in Samba

CWE-20 — Improper Input Validation CWE-522 — Insufficiently Protected Credentials9 documents8 sources

Severity

8.1HIGHNVD

EPSS

1.6%

top 18.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba THE Samba Team Samba Canonical Ubuntu Linux +3 more

Timeline

PublishedAug 22

Latest updateMay 13

Description

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages6 packages

▶NVDsamba/samba4.7.0 — 4.7.9+1

▶Debiansamba/samba< 2:4.8.4+dfsg-1+3

▶CVEListV5the_samba_team/sambabefore 4.7.9, before 4.8.4+1

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

🔴Vulnerability Details

GHSA

GHSA-xxm3-fp55-pm48: A flaw was found in the way samba before 4↗2022-05-13

▶

OSV

CVE-2018-1139: A flaw was found in the way samba before 4↗2018-08-22

▶

CVEList

CVE-2018-1139: A flaw was found in the way samba before 4↗2018-08-22

▶

📋Vendor Advisories

Red Hat

samba: Weak authentication protocol regression↗2018-08-16

▶

Ubuntu

Samba vulnerabilities↗2018-08-14

▶

Debian

CVE-2018-1139: samba - A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak...↗2018

▶

💬Community

Bugzilla

CVE-2018-1139 samba: Weak authentication protocol regression [fedora-all]↗2018-08-16

▶

Bugzilla

CVE-2018-1139 samba: Weak authentication protocol regression↗2018-06-11

▶