VID |
23285 |
Severity |
30 |
Port |
139 |
Protocol |
TCP |
Class |
Samba |
Detailed Description |
The version of Samba running on the remote host is 4.6.x prior to 4.6.6. It is therefore affected by a logic flaw in the Heimdal implementation of Kerberos, in the _krb5_extract_ticket() function in lib/krb5/ticket.c: the function unsafely uses cleartext metadata from an unauthenticated ticket instead of the encrypted version stored in the Key Distribution Center (KDC) response. A man-in-the-middle attacker can exploit this issue to impersonate Kerberos services, which can potentially result in privilege escalation or the theft of credentials. Note that Samba versions built against MIT Kerberos are not impacted by this issue.
* References:
  * https://www.samba.org/samba/security/CVE-2017-11103.html
  * https://www.samba.org/samba/history/samba-4.4.15.html
  * https://www.samba.org/samba/history/samba-4.5.12.html
  * https://www.samba.org/samba/history/samba-4.6.6.html
  * https://www.orpheus-lyre.info/
* Platforms Affected: Samba Project, Samba versions 4.6.x before 4.6.6; Linux, any version; Unix, any version |
Recommendation |
Upgrade to Samba version 4.6.6 or later, available from the Samba website at https://www.samba.org/samba/download/ |
Related URL |
CVE-2017-11103 (CVE) |
Related URL |
103382,103387 (SecurityFocus) |
Related URL |
(ISS) |
|