CVE-2018-16860
Summary
| CVE | CVE-2018-16860 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-31 15:15:00 UTC |
| Updated | 2019-08-14 12:15:00 UTC |
| Description | A flaw was found in the Heimdal KDC embedded in Samba, versions 4.8.x before 4.8.12, 4.9.x before 4.9.8 and 4.10.x before 4.10.3, when Samba runs as an Active Directory domain controller. The KDC accepted S4U2Self requests whose checksum was not keyed (the Red Hat tracker summarises it as "S4U2Self with unkeyed checksum"), so a man-in-the-middle attacker who intercepted the request could replace the user name (principal) with any other principal that exists in the KDC, recompute the checksum without knowing any key, and effectively obtain a ticket for that principal. |
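The following is an added illustration, not code from Samba, Heimdal or the CVE record, of why an unkeyed checksum on the S4U2Self padata is fatal and what the KDC-side check has to be. It models the PA-FOR-USER checksum input as LE32(name-type) || name || realm || auth-package (the MS-SFU layout, as I understand it), the keyed variant as HMAC-MD5 per RFC 4757 section 4 under the TGT session key with key usage 17, and the unkeyed variants as plain RSA-MD5 and a zlib CRC32 (a simplification of the RFC 3961 CRC, not the exact variant). The session key, principal names and realm are constructed test values; `kdc_verify_vulnerable` and `kdc_verify_fixed` are my own names for the pre-fix and post-fix behaviour, not Heimdal functions. ASN.1 framing is omitted.

```python
"""Added example (not Samba/Heimdal code): unkeyed vs keyed S4U2Self checksum.

Assumptions (mine, not from the CVE record):
  - PA-FOR-USER checksum input = LE32(name-type) || name || realm || auth-package
    (MS-SFU layout), keyed with HMAC-MD5 (RFC 4757 s.4, cksumtype -138) under the
    TGT session key with key usage 17.
  - Unkeyed types modelled: RSA-MD5 (7) and CRC32 (1, simplified via zlib.crc32).
  - Session key, names and realm below are constructed test values.
"""
import hashlib
import hmac
import struct
import zlib

NT_PRINCIPAL = 1
KEY_USAGE_S4U2SELF = 17
CKSUM_CRC32 = 1
CKSUM_RSA_MD5 = 7
CKSUM_HMAC_MD5 = -138          # keyed: needs the TGT session key
KEYED_TYPES = {CKSUM_HMAC_MD5}


def pa_for_user_bytes(user, realm, auth_package=b"Kerberos"):
    """Checksum input for PA-FOR-USER (assumed MS-SFU layout)."""
    return struct.pack("<I", NT_PRINCIPAL) + user.encode() + realm.encode() + auth_package


def hmac_md5_checksum(session_key, usage, data):
    """RFC 4757 s.4 keyed checksum: HMAC(Ksign, MD5(LE32(usage) || data))."""
    ksign = hmac.new(session_key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def compute_checksum(cksumtype, data, session_key=None):
    """Checksum of `data` for the given type; only HMAC-MD5 consumes the key."""
    if cksumtype == CKSUM_HMAC_MD5:
        if session_key is None:
            raise ValueError("keyed checksum needs the session key")
        return hmac_md5_checksum(session_key, KEY_USAGE_S4U2SELF, data)
    if cksumtype == CKSUM_RSA_MD5:
        return hashlib.md5(data).digest()
    if cksumtype == CKSUM_CRC32:
        return struct.pack("<I", zlib.crc32(data))  # simplified, not RFC 3961 exact
    raise ValueError("unknown checksum type")


def build_request(user, realm, cksumtype, session_key=None):
    """Client side: the PA-FOR-USER fields as a dict (ASN.1 omitted)."""
    data = pa_for_user_bytes(user, realm)
    return {"user": user, "realm": realm, "cksumtype": cksumtype,
            "cksum": compute_checksum(cksumtype, data, session_key)}


def mitm_rewrite(req, new_user):
    """On-path attacker: swap the principal, recompute the checksum if it is
    unkeyed (no secret needed), otherwise leave the now-stale checksum alone."""
    forged = dict(req, user=new_user)
    if req["cksumtype"] not in KEYED_TYPES:
        forged["cksum"] = compute_checksum(req["cksumtype"],
                                           pa_for_user_bytes(new_user, req["realm"]))
    return forged


def kdc_verify_vulnerable(req, session_key):
    """Pre-fix behaviour: verify with whatever checksum type the request names."""
    expected = compute_checksum(req["cksumtype"],
                                pa_for_user_bytes(req["user"], req["realm"]), session_key)
    return hmac.compare_digest(expected, req["cksum"])


def kdc_verify_fixed(req, session_key):
    """Fixed behaviour: reject unkeyed checksum types before verifying."""
    if req["cksumtype"] not in KEYED_TYPES:
        return False
    return kdc_verify_vulnerable(req, session_key)


def demo():
    """Run the MITM against both verifiers; returns the outcomes by name."""
    key = bytes(range(16))             # constructed TGT session key
    legit = build_request("alice", "EXAMPLE.COM", CKSUM_RSA_MD5)
    forged = mitm_rewrite(legit, "Administrator")
    keyed = build_request("alice", "EXAMPLE.COM", CKSUM_HMAC_MD5, key)
    forged_keyed = mitm_rewrite(keyed, "Administrator")
    return {
        "forged_user": forged["user"],
        "unkeyed_forged_accepted_by_vulnerable": kdc_verify_vulnerable(forged, key),
        "unkeyed_forged_accepted_by_fixed": kdc_verify_fixed(forged, key),
        "keyed_legit_accepted_by_fixed": kdc_verify_fixed(keyed, key),
        "keyed_forged_accepted_by_fixed": kdc_verify_fixed(forged_keyed, key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from the run is the first two results: the vulnerable verifier accepts the rewritten request because the attacker could recompute an RSA-MD5 or CRC32 checksum over the new name, while the fixed verifier refuses the request before looking at the checksum at all. Rejecting the checksum type is the only defensible check; verifying an unkeyed checksum "correctly" proves nothing about who built the message.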
Risk And Classification
Problem Types: CWE-358 (Improperly Implemented Security Check for Standard)
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 | FULLDISC | seclists.org | |
| Full Disclosure: APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 | FULLDISC | seclists.org | |
| Synology Inc. | CONFIRM | www.synology.com | |
| About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra - Apple Support | CONFIRM | support.apple.com | |
| About the security content of iOS 12.4 - Apple Support | CONFIRM | support.apple.com | |
| 1705877 – (CVE-2018-16860) CVE-2018-16860 samba: S4U2Self with unkeyed checksum | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Bugtraq: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra | BUGTRAQ | seclists.org | |
| Full Disclosure: APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 | FULLDISC | seclists.org | |
| About the security content of watchOS 5.3 - Apple Support | CONFIRM | support.apple.com | |
| Bugtraq: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 | BUGTRAQ | seclists.org | |
| Samba - Security Announcement Archive | MISC | www.samba.org | Mitigation, Vendor Advisory |
| Full Disclosure: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra | FULLDISC | seclists.org | |
| Bugtraq: APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 | BUGTRAQ | seclists.org | |
| About the security content of tvOS 12.4 - Apple Support | CONFIRM | support.apple.com | |
| Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo security | GENTOO | security.gentoo.org | |
| Bugtraq: APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 | BUGTRAQ | seclists.org | |
| [security-announce] openSUSE-SU-2019:1888-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198986 Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5675-1)
- 500245 Alpine Linux Security Update for heimdal
- 500619 Alpine Linux Security Update for samba
- 503993 Alpine Linux Security Update for heimdal
- 504381 Alpine Linux Security Update for samba
- 670882 EulerOS Security Update for samba (EulerOS-SA-2020-2396)