The Samba-Bugzilla – Attachment 14606 Details for
Bug 13678
[SECURITY] Mark MIT support for the AD DC experimental (related to CVE-2018-16853)
security advisory text
mit_no_security_advisory.txt (text/plain), 1.78 KB, created by
Andrew Bartlett
on 2018-11-06 21:23:31 UTC
>===========================================================
>== Subject: Samba AD DC S4U2Self Crash in experimental
>== MIT Kerberos configuration (unsupported)
>==
>== CVE ID#:
>==
>== Versions: Samba 4.7.0 and later versions
>==
>== Summary: A user in a Samba AD domain can crash the MIT KDC
>== by requesting an S4U2Self ticket.
>===========================================================
>
>===========
>Description
>===========
>
>A user in a Samba AD domain can crash the KDC when Samba is built in
>the non-default MIT Kerberos configuration.
>
>With this advisory we clarify that the MIT Kerberos build of the Samba
>AD DC is considered experimental. Therefore the Samba Team will not
>issue security patches for this configuration.
>
>==================
>Patch Availability
>==================
>
>Patches addressing parts of this issue have been posted to:
>
>  https://bugzilla.samba.org/show_bug.cgi?id=13571
>
>Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as
>security releases to prevent building of the AD DC with MIT Kerberos
>unless --with-experimental-mit-ad-dc is specified to the configure
>command. Samba administrators are advised to recompile Samba with the
>default internal Heimdal Kerberos build as soon as possible by
>removing --with-system-mitkrb5 from the configure command and
>rebuilding Samba.
>
>=========================
>Workaround and mitigation
>=========================
>
>The default Heimdal build of Samba is not vulnerable.
>
>=======
>Credits
>=======
>
>Originally reported by $REPORTER.
>
>Patches to disable the build provided by Andrew Bartlett of Catalyst
>and the Samba team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
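
One way to audit a recorded Samba configure command line (from a packaging spec or build log) against the recompile advice above. This is an added example, not part of the advisory or of Samba's tooling. The function name, result labels and sample command lines are constructed for illustration; `--without-ad-dc` is Samba's configure switch for a build with no AD DC and is not mentioned in the advisory.

```shell
#!/bin/sh
# Classify a Samba ./configure command line against the advisory's guidance.
# --with-system-mitkrb5 and --with-experimental-mit-ad-dc are the flags named
# in the advisory; classify_samba_configure and its labels are hypothetical.
classify_samba_configure() {
    mit=0 experimental=0 no_addc=0
    # Deliberately unquoted: word-split the command line into single options.
    for opt in $1; do
        case "$opt" in
            --with-system-mitkrb5)         mit=1 ;;
            --with-experimental-mit-ad-dc) experimental=1 ;;
            --without-ad-dc)               no_addc=1 ;;
        esac
    done
    if [ "$mit" -eq 0 ]; then
        echo "heimdal-default"        # internal Heimdal: not vulnerable per the advisory
    elif [ "$no_addc" -eq 1 ]; then
        echo "mit-no-ad-dc"           # MIT Kerberos, but no AD DC is built
    elif [ "$experimental" -eq 1 ]; then
        echo "mit-ad-dc-experimental" # explicit opt-in: no security patches issued
    else
        echo "mit-ad-dc-unflagged"    # the security releases refuse this build
    fi
}

# Constructed sample command lines, one per case.
for cmd in \
    "./configure --prefix=/usr" \
    "./configure --with-system-mitkrb5 --without-ad-dc" \
    "./configure --with-system-mitkrb5 --with-experimental-mit-ad-dc" \
    "./configure --prefix=/usr --with-system-mitkrb5"
do
    printf '%-26s %s\n' "$(classify_samba_configure "$cmd")" "$cmd"
done
```

A result of `mit-ad-dc-experimental` or `mit-ad-dc-unflagged` marks a build that the advisory says should be recompiled without `--with-system-mitkrb5`.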