The Samba-Bugzilla – Attachment 14675 Details for Bug 13678
[SECURITY] Mark MIT support for the AD DC experimental (related to CVE-2018-16853)
updated advisory with CVE number
mit_no_security_advisory.txt (text/plain), 1.83 KB, created by Karolin Seeger on 2018-11-21 11:53:53 UTC
====================================================================
== Subject: Samba AD DC S4U2Self Crash in experimental
== MIT Kerberos configuration (unsupported)
==
== CVE ID#: CVE-2018-16853
==
== Versions: Samba 4.7.0 and later versions
==
== Summary: A user in a Samba AD domain can crash the MIT KDC
== by requesting an S4U2Self ticket.
====================================================================

===========
Description
===========

A user in a Samba AD domain can crash the KDC when Samba is built in
the non-default MIT Kerberos configuration.

With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.

==================
Patch Availability
==================

Patches addressing parts of this issue have been posted to:

  https://bugzilla.samba.org/show_bug.cgi?id=13571

Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as
security releases to prevent building of the AD DC with MIT Kerberos
unless --with-experimental-mit-ad-dc is specified to the configure
command. Samba administrators are advised to recompile Samba with the
default internal Heimdal Kerberos build as soon as possible by
removing --with-system-mitkrb5 from the configure command and
rebuilding Samba.

=========================
Workaround and mitigation
=========================

The default Heimdal build of Samba is not vulnerable.

=======
Credits
=======

Originally reported by Isaac Boukris.

Patches to disable the build provided by Andrew Bartlett of Catalyst
and the Samba team.

====================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
====================================================================
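The Patch Availability section names three security releases (4.7.12, 4.8.7 and 4.9.3) that add the configure-time guard. The following shell function is an added example, not part of the advisory or of the Samba project: it takes a Samba version string (the "Version 4.x.y" line printed by smbd --version works as input) and reports whether that release is at or above its branch's security release, so an administrator auditing a fleet can tell which hosts still need the rebuild the advisory asks for. Branches other than 4.7, 4.8 and 4.9 are reported as not covered, because the advisory names only those three; the vendor-suffix handling ("4.8.7-Debian") is an assumption about typical distribution version strings.

```shell
#!/bin/sh
# Added example (not Samba project code): classify a Samba version string
# against the security releases named in the CVE-2018-16853 advisory.
# Those releases (4.7.12, 4.8.7, 4.9.3) refuse to build the AD DC against
# MIT Kerberos unless --with-experimental-mit-ad-dc is given to configure.
#
# Return codes:
#   0 = release carries the build guard
#   1 = older than the branch's security release; rebuild without
#       --with-system-mitkrb5 (default Heimdal build) as the advisory says
#   2 = branch not named by this advisory
samba_build_guard_status() {
    # accept either "4.8.5" or the "Version 4.8.5" line from smbd --version
    ver=${1#Version }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # patch level may be absent ("4.7") or carry a vendor suffix ("7-Debian")
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    patch=${patch%%[!0-9]*}
    [ -n "$patch" ] || patch=0

    if [ "$major" != 4 ]; then
        echo "$ver: branch not named by this advisory"
        return 2
    fi
    case $minor in
        7) fixed=12 ;;
        8) fixed=7 ;;
        9) fixed=3 ;;
        *) echo "$ver: branch not named by this advisory"; return 2 ;;
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo "$ver: at or above 4.$minor.$fixed; AD DC will not build against MIT Kerberos without --with-experimental-mit-ad-dc"
        return 0
    fi
    echo "$ver: below 4.$minor.$fixed; rebuild with the default Heimdal build (drop --with-system-mitkrb5)"
    return 1
}

# stand-alone usage on a constructed sample of version strings
for v in "4.7.12" "Version 4.8.5" "4.8.7-Debian" "4.6.16"; do
    samba_build_guard_status "$v" || true
done
```

Note that the check only tells you whether the build guard is present in the source tree for that version; a host that was built with the default Heimdal Kerberos was never exposed, and a host deliberately configured with --with-experimental-mit-ad-dc remains in the unsupported configuration regardless of version.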
Flags: abartlet: review+