VDB
CVE-2018-16860
CVE-2018-16860
PUBLISHED
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
EPSS 1.17% · 79.0th percentile
Risk Scores
EPSS Score
1.17%
79.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | heimdal | 1.6~git20131207+dfsg-1ubuntu1.1, *, 1.6~git20120403+dfsg1-3ubuntu0.2 |
| Ubuntu:Pro:16.04:LTS | heimdal | 1.6~rc2+dfsg-10ubuntu1, 1.7~git20150920+dfsg-4ubuntu1, 1.7~git20150920+dfsg-4ubuntu1.16.04.1 |
| Ubuntu:18.04:LTS | samba | *, *, * |
| Ubuntu:18.04:LTS | heimdal | 7.5.0+dfsg-1, 7.4.0.dfsg.1-2, 0 |
| Ubuntu:Pro:14.04:LTS | samba | *, 2:4.1.6+dfsg-1ubuntu2.14.04.3, 2:4.1.6+dfsg-1ubuntu2.14.04.4 |
| Ubuntu:16.04:LTS | samba | 2:4.1.20+dfsg-1ubuntu1, 2:4.1.20+dfsg-1ubuntu5, 2:4.3.3+dfsg-1ubuntu1 |
Timeline
- May 14, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-16860 third-party-advisory
- https://www.samba.org/samba/security/CVE-2018-16860.html third-party-advisory
- https://ubuntu.com/security/notices/USN-3976-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3976-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-5675-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-16860 third-party-advisory