Описание
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 |
| cosmic | released | 2:4.8.4+dfsg-2ubuntu2.1 |
| devel | released | 2:4.9.4+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | released | 2:4.3.11+dfsg-0ubuntu0.14.04.19 |
| esm-infra/bionic | released | 2:4.7.6+dfsg~ubuntu-0ubuntu2.5 |
| esm-infra/xenial | released | 2:4.3.11+dfsg-0ubuntu0.16.04.18 |
| precise/esm | not-affected | 2:3.6.25-0ubuntu0.12.04.16 |
| trusty | released | 2:4.3.11+dfsg-0ubuntu0.14.04.19 |
| trusty/esm | released | 2:4.3.11+dfsg-0ubuntu0.14.04.19 |
| upstream | released | 4.7.12,4.8.7,4.9.3 |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 a ...
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
Уязвимость в работе центра распределения ключей (KDC) пакета программ сетевого взаимодействия Samba, связанная с ошибками при двойной очистке одного и того же участка памяти, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3