CVE-2018-16853 — Uncontrolled Resource Consumption in Samba

CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

4.9%

top 10.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedNov 28

Latest updateMay 13

Description

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos …

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDsamba/samba4.7.0 — 4.7.12+2

▶debiandebian/samba< samba 2:4.9.2+dfsg-2 (bookworm)

▶Debiansamba/samba< 2:4.9.2+dfsg-2+3

🔴Vulnerability Details

GHSA

GHSA-wggh-6fmq-953v: Samba from version 4↗2022-05-13

▶

OSV

CVE-2018-16853: Samba from version 4↗2018-11-28

▶

📋Vendor Advisories

Red Hat

samba: S4U2Self crash with MIT KDC build↗2018-11-28

▶

Debian

CVE-2018-16853: samba - Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD do...↗2018

▶

💬Community

Bugzilla

CVE-2018-16853 samba: S4U2Self crash with MIT KDC build [fedora-all]↗2018-11-28

▶

Bugzilla

CVE-2018-16853 samba: S4U2Self crash with MIT KDC build↗2018-11-07

▶