cbcvebase.
CVE-2018-16860
published 2019-07-31

CVE-2018-16860: A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding…

high7.5CVSS 3.0
AVNACHPRLUINSUCHIHAH
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Affected

25 ranges
VendorProductVersion rangeFixed in
appleios
applemacos_mojave_10.14.6_security_update_2019-004_high_sierra_security_update_2019-0
appletvos
applewatchos
debianheimdal< heimdal 7.5.0+dfsg-3 (bookworm)heimdal 7.5.0+dfsg-3 (bookworm)
debiansamba< heimdal 7.5.0+dfsg-3 (bookworm)heimdal 7.5.0+dfsg-3 (bookworm)
heimdal_projectheimdal>= 0 < 7.5.0+dfsg-37.5.0+dfsg-3
heimdal_projectheimdal>= 0 < 7.5.0+dfsg-37.5.0+dfsg-3
heimdal_projectheimdal>= 0 < 7.5.0+dfsg-37.5.0+dfsg-3
heimdal_projectheimdal>= 0 < 7.5.0+dfsg-37.5.0+dfsg-3
heimdal_projectheimdal>= 0 < 7.5.0+dfsg-1ubuntu0.17.5.0+dfsg-1ubuntu0.1
heimdal_projectheimdal>= 0 < 7.7.0+dfsg-1ubuntu1.17.7.0+dfsg-1ubuntu1.1
heimdal_projectheimdal>= 0 < 1.6~git20131207+dfsg-1ubuntu1.2+esm11.6~git20131207+dfsg-1ubuntu1.2+esm1
heimdal_projectheimdal>= 0 < 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm11.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
heimdal_projectheimdal0.8 – 7.5.0
sambasamba
sambasamba
sambasamba
sambasamba>= 0 < 2:4.9.5+dfsg-42:4.9.5+dfsg-4
sambasamba>= 0 < 2:4.9.5+dfsg-42:4.9.5+dfsg-4
sambasamba>= 0 < 2:4.9.5+dfsg-42:4.9.5+dfsg-4
sambasamba>= 0 < 2:4.9.5+dfsg-42:4.9.5+dfsg-4
sambasamba>= 4.10.0 < 4.10.34.10.3
sambasamba>= 4.8.0 < 4.8.124.8.12
sambasamba>= 4.9.0 < 4.9.84.9.8

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH