CVE-2018-16841: Use After Free in Samba

Severity: 6.5 MEDIUM (NVD)
EPSS: 7.1% (top 8.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 28; latest update May 13

Description

Samba versions from 4.3.0 and before 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), term

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: samba/samba, 4.3.0 up to 4.7.12 (+2 more)
debian: debian/samba, < samba 2:4.9.2+dfsg-2 (bookworm)
Debian: samba/samba, < 2:4.9.2+dfsg-2 (+3 more)
Ubuntu: samba/samba, < 2:4.3.11+dfsg-0ubuntu0.14.04.19 (+2 more)

Also affects: Debian Linux 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Vulnerability Details (3)

GHSA: GHSA-q3v8-mj9m-2wq4: Samba from version 4 (2022-05-13)
OSV: CVE-2018-16841: Samba from version 4 (2018-11-28)
OSV: samba vulnerabilities (2018-11-27)

Vendor Advisories (4)

Red Hat: samba: Double-free in Samba AD DC KDC with PKINIT (2018-11-28)
Ubuntu: Samba vulnerabilities (2018-11-27)
Ubuntu: Samba vulnerabilities (2018-11-27)
Debian: CVE-2018-16841: samba - Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnera... (2018)

Community (2)

Bugzilla: CVE-2018-16841 samba: Double-free in Samba AD DC KDC with PKINIT [fedora-all] (2018-11-28)
Bugzilla: CVE-2018-16841 samba: Double-free in Samba AD DC KDC with PKINIT (2018-10-24)