Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16841

Опубликовано: 28 нояб. 2018
Источник: nvd
CVSS3: 5.7
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.3.0 (включая) до 4.7.12 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.8.0 (включая) до 4.8.7 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.9.0 (включая) до 4.9.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.09418
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-416
CWE-415

Связанные уязвимости

ubuntu логотип

CVE-2018-16841

CVSS3: 6.5
ubuntu
около 7 лет назад

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

redhat логотип

CVE-2018-16841

CVSS3: 5.7
redhat
около 7 лет назад

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

debian логотип

CVE-2018-16841

CVSS3: 6.5
debian
около 7 лет назад

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 a ...

github логотип

GHSA-q3v8-mj9m-2wq4

CVSS3: 6.5
github
больше 3 лет назад

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.

fstec логотип

BDU:2019-00878

CVSS3: 6.5
fstec
больше 7 лет назад

Уязвимость в работе центра распределения ключей (KDC) пакета программ сетевого взаимодействия Samba, связанная с ошибками при двойной очистке одного и того же участка памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.09418
Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-416
CWE-415