
enterprise-support team mailing list archive

[Question #681511]: CVE-2018-16860

 

New question #681511 on samba in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/samba/+question/681511

I want to know whether the 16.04 version of Ubuntu has been backported with the corresponding samba version - that is, a fix for the
Samba 4.x < 4.8.12 / 4.9.x < 4.9.8 / 4.10.x < 4.10.3 Man in the Middle Vulnerability

Here is what my vuln scanner is telling me ... 

The version of Samba running on the remote host is 4.x prior to 4.8.12, 4.9.x prior to 4.9.8 or 4.10.x prior to 4.10.3. It is, therefore, affected by a man in the middle vulnerability in the Heimdal KDC due to an design error. An authenticated, remote attacker can exploit this, via replacing the user name on intercepted requests to the KDC, to bypass security restrictions.

...

It is still popping up on our scans due to the version number but I want to be sure because I know version number does not always mean a vulnerability has been unpatched/patched. 
