Vulnerability CVE-2018-16860

Vulnerability Name:

CVE-2018-16860 (CCN-161007)

Assigned:

2018-09-11

Published:

2019-05-14

Updated:

2019-08-14

Summary:

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-358

Vulnerability Consequences:

Bypass Security

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.8.0 and < 4.8.12)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.9.0 and < 4.9.8)

OR cpe:/a:samba:samba:*:*:*:*:*:*:*:* (Version >= 4.10.0 and < 4.10.3)

Configuration 2:

cpe:/a:heimdal_project:heimdal:*:*:*:*:*:*:*:* (Version >= 0.8 and <= 7.5.0)

Configuration CCN 1:

cpe:/a:samba:samba:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201816860	V	CVE-2018-16860	2023-06-22
oval:org.opensuse.security:def:7661	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7662	P	libsamba-policy-devel-4.17.7+git.330.4057cd7a27a-150500.1.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7447	P	bcel-5.2-150200.11.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7469	P	cpp7-7.5.0+r278197-4.30.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:723	P	Security update for postgresql14 (Important)	2022-09-01
oval:org.opensuse.security:def:6343	P	Security update for freerdp (Critical)	2022-07-11
oval:org.opensuse.security:def:3072	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3584	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3071	P	ft2demos-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3164	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94701	P	libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94702	P	libsamba-policy-devel-4.15.5+git.328.f1f29505d84-150400.1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:129	P	libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1058	P	Security update for MozillaFirefox (Important)	2022-04-07
oval:org.opensuse.security:def:112125	P	ctdb-4.14.6+git.182.2205d5224e3-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:112644	P	libheimdal-7.7.0-1.11 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:69815	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:93437	P	(Important)	2021-12-22
oval:org.opensuse.security:def:10431	P	Security update for xorg-x11-server (Important)	2021-12-21
oval:org.opensuse.security:def:10385	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:7294	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:6488	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:93779	P	(Important)	2021-12-06
oval:org.opensuse.security:def:10363	P	Security update for tomcat (Important)	2021-11-16
oval:org.opensuse.security:def:105662	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:10355	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:10663	P	Security update for ffmpeg (Moderate)	2021-10-26
oval:org.opensuse.security:def:7272	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (Important)	2021-10-12
oval:org.opensuse.security:def:106125	P	libheimdal-7.7.0-1.11 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:8647	P	Security update for xerces-c (Important)	2021-09-02
oval:org.opensuse.security:def:10654	P	Security update for MozillaThunderbird (Important)	2021-08-30
oval:org.opensuse.security:def:69710	P	Security update for fetchmail (Moderate)	2021-08-20
oval:org.opensuse.security:def:48103	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14983	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63379	P	subversion-server-1.10.6-3.15.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:71888	P	libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62813	P	libsrt1-1.3.4-1.45 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62334	P	sysstat-12.0.2-3.27.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100905	P	libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62333	P	supportutils-3.1.15-1.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62357	P	xorg-x11-server-1.20.3-22.5.30.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63015	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62147	P	libdcerpc-binding0-32bit-4.13.4+git.187.5ad4708741a-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:8628	P	Security update for nodejs8 (Important)	2021-08-05
oval:org.opensuse.security:def:8811	P	Security update for MozillaFirefox (Important)	2021-07-27
oval:org.opensuse.security:def:6451	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:8798	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:8613	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:8789	P	Security update for salt (Critical)	2021-06-21
oval:org.opensuse.security:def:6470	P	Security update for the Linux Kernel (Important)	2021-06-15
oval:org.opensuse.security:def:8780	P	Security update for spice-gtk (Moderate)	2021-06-10
oval:org.opensuse.security:def:11314	P	gnome-shell-3.10.4-22.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11336	P	libXcursor1-1.1.14-3.60 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10676	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:8747	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:8566	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:8722	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9471	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:6321	P	Security update for evolution-data-server (Moderate)	2021-03-19
oval:org.opensuse.security:def:9449	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:6313	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:6720	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2021-02-10
oval:org.opensuse.security:def:74268	P	Security update for openssh (Moderate)	2020-12-09
oval:org.opensuse.security:def:6645	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2020-12-07
oval:org.opensuse.security:def:107158	P	libdcerpc-binding0-32bit-4.11.5+git.161.74bc5e6ec8e-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16850	P	libndr-devel-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12802	P	ctdb-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62534	P	libQt5OpenGLExtensions-devel-static-5.9.7-11.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63153	P	gtk-vnc-devel-0.7.2-1.33 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4014	P	libndr-devel-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61812	P	libdcerpc-binding0-32bit-4.11.5+git.161.74bc5e6ec8e-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12977	P	libdcerpc-binding0-32bit-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71553	P	libdcerpc-binding0-32bit-4.11.5+git.161.74bc5e6ec8e-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116716	P	libdcerpc-binding0-32bit-4.11.5+git.161.74bc5e6ec8e-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100492	P	libdcerpc-binding0-32bit-4.11.5+git.161.74bc5e6ec8e-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:6518	P	telepathy-gabble on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10587	P	polkit-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73032	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64202	P	ruby2.5-rubygem-rails-html-sanitizer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6626	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37527	P	libgssglue1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66459	P	libdcerpc-binding0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6436	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73150	P	libdcerpc-binding0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6745	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36752	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6545	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37073	P	autofs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6787	P	libzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63946	P	Security update for ruby2.1 (Important)	2020-12-01
oval:org.opensuse.security:def:66367	P	cpp7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8520	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37380	P	apache2-mod_apparmor on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6496	P	python-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10512	P	libjpeg62-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6634	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8490	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64090	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:6611	P	ghostscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37488	P	libXcursor1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6389	P	libjavascriptcoregtk-1_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37599	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36741	P	python-pyOpenSSL on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38279	P	libdcerpc-binding0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36972	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6603	P	freerdp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63840	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:8498	P	powerpc-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37220	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6809	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10493	P	libexif-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6621	P	gpgme on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64048	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:6564	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10612	P	xorg-x11-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38237	P	lcms2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74142	P	Security update for postgresql12 (Important)	2020-12-01
oval:org.opensuse.security:def:37555	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49164	P	libdcerpc-binding0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6778	P	libvte9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36836	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6570	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63706	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:36740	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37130	P	gnome-settings-daemon on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6796	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10478	P	libXv-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6612	P	gimp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37439	P	ghostscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49110	P	graphviz on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:100150	P	Security update for libheimdal (Moderate)	2019-08-14
oval:com.ubuntu.disco:def:2018168600000000	V	CVE-2018-16860 on Ubuntu 19.04 (disco) - medium.	2019-07-31
oval:com.ubuntu.bionic:def:2018168600000000	V	CVE-2018-16860 on Ubuntu 18.04 LTS (bionic) - medium.	2019-07-31
oval:com.ubuntu.xenial:def:2018168600000000	V	CVE-2018-16860 on Ubuntu 16.04 LTS (xenial) - medium.	2019-07-31
oval:org.opensuse.security:def:109892	P	Security update for libheimdal (Moderate)	2019-07-01
oval:com.ubuntu.cosmic:def:2018168600000000	V	CVE-2018-16860 on Ubuntu 18.10 (cosmic) - medium.	2019-05-14

BACK