VID 23283
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.4.x prior to 4.4.15. It is, therefore, affected by a logic flaw in the Heimdal implementation of Kerberos, specifically within the _krb5_extract_ticket() function within lib/krb5/ticket.c, due to the unsafe use of cleartext metadata from an unauthenticated ticket instead of the encrypted version stored in the Key Distribution Center (KDC) response. A man-in-the-middle attacker can exploit this issue to impersonate Kerberos services. This can potentially result in a privilege escalation or the theft of credentials. Note that Samba versions built against MIT Kerberos are not impacted by this issue.

* References:
https://www.samba.org/samba/security/CVE-2017-11103.html
https://www.samba.org/samba/history/samba-4.4.15.html
https://www.samba.org/samba/history/samba-4.5.12.html
https://www.samba.org/samba/history/samba-4.6.6.html
https://www.orpheus-lyre.info/

* Platforms Affected:
Samba Project, Samba versions 4.4.x before 4.4.15
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba (4.4.15 or later), available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2017-11103 (CVE)
Related URL 103382,103387 (SecurityFocus)
Related URL (ISS)