{"api_version":"1","generated_at":"2026-05-09T23:10:30+00:00","cve":"CVE-2018-16853","urls":{"html":"https://cve.report/CVE-2018-16853","api":"https://cve.report/api/cve/CVE-2018-16853.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-16853","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-16853"},"summary":{"title":"CVE-2018-16853","description":"Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-11-28 14:29:00","updated_at":"2019-10-09 23:36:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106026","name":"106026","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.samba.org/samba/security/CVE-2018-16853.html","name":"https://www.samba.org/samba/security/CVE-2018-16853.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20181127-0001/","name":"https://security.netapp.com/advisory/ntap-20181127-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"November 2018 Samba Vulnerabilities in NetApp StorageGRID Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202003-52","name":"GLSA-202003-52","refsource":"GENTOO","tags":[],"title":"Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1647246 – (CVE-2018-16853) CVE-2018-16853 samba: S4U2Self crash with MIT KDC build","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-16853","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16853","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"16853","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16853","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-16853","qid":"500637","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2018-16853","qid":"504401","title":"Alpine Linux Security Update for samba"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2018-16853","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"4.7.12"},{"version_value":"4.8.7"},{"version_value":"4.9.3"}]}}]},"vendor_name":"[UNKNOWN]"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command."}]},"impact":{"cvss":[[{"vectorString":"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400"}]}]},"references":{"reference_data":[{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16853"},{"name":"https://www.samba.org/samba/security/CVE-2018-16853.html","refsource":"CONFIRM","url":"https://www.samba.org/samba/security/CVE-2018-16853.html"},{"name":"106026","refsource":"BID","url":"http://www.securityfocus.com/bid/106026"},{"name":"https://security.netapp.com/advisory/ntap-20181127-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20181127-0001/"},{"refsource":"GENTOO","name":"GLSA-202003-52","url":"https://security.gentoo.org/glsa/202003-52"}]}},"nvd":{"publishedDate":"2018-11-28 14:29:00","lastModifiedDate":"2019-10-09 23:36:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"4.8.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.0","versionEndExcluding":"4.9.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7.0","versionEndExcluding":"4.7.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"16853","Ordinal":"133664","Title":"CVE-2018-16853","CVE":"CVE-2018-16853","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"16853","Ordinal":"1","NoteData":"Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"16853","Ordinal":"2","NoteData":"2018-11-28","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"16853","Ordinal":"3","NoteData":"2020-03-25","Type":"Other","Title":"Modified"}]}}}