Описание
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba3x | Not affected | ||
| Red Hat Enterprise Linux 6 | samba | Not affected | ||
| Red Hat Enterprise Linux 6 | samba4 | Not affected | ||
| Red Hat Enterprise Linux 8 | samba | Not affected | ||
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2018:3056 | 30.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtalloc | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtdb | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | libtevent | Fixed | RHSA-2018:2612 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | samba | Fixed | RHSA-2018:2612 | 04.09.2018 |
Показывать по
Дополнительная информация
Статус:
5.4 Medium
CVSS3
Связанные уязвимости
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the u ...
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
Уязвимость компонента аутентификации NTLMv1 программ сетевого взаимодействия Samba, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным
5.4 Medium
CVSS3