Showing 1 - 14 of 14

CVE-2018-16860

Status Candidate

Overview

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Related Files

Ubuntu Security Notice USN-5675-1: Posted Oct 17, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5675-1 - Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the application. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. It was discovered that Heimdal was not properly handling the verification of key exchanges when an anonymous PKINIT was being used. An attacker could possibly use this issue to perform a machine-in-the-middle attack and expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2018-16860, CVE-2019-12098, CVE-2021-3671, CVE-2022-3116; SHA-256 | cccb3115b4cd49cebb9eb16ec6095a0201e4fb722052b6fc3da60864aee574a5; Download | Favorite | View

Gentoo Linux Security Advisory 202003-52: Posted Mar 26, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202003-52 - Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Versions less than 4.11.6 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857, CVE-2018-16860, CVE-2019-10197, CVE-2019-14861, CVE-2019-14870, CVE-2019-14902, CVE-2019-14907, CVE-2019-19344; SHA-256 | 78ecd3bc02b0f10129021084736ee7cc0c9408898c589745d90193370efe75aa; Download | Favorite | View

Apple Security Advisory 2019-8-13-4: Posted Aug 14, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-8-13-4 - tvOS 12.4 addresses code execution, cross site scripting, and use-after-free vulnerabilities.; tags | advisory, vulnerability, code execution, xss; systems | apple; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687; SHA-256 | 5c16cf4f39ac871a1aa20bbd43173cd98409ef2952a531eca72daf8b66676b69; Download | Favorite | View

Apple Security Advisory 2019-8-13-3: Posted Aug 14, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-8-13-3 - watchOS 5.3 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | apple; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689, CVE-2019-9506; SHA-256 | 8687e23349eecbb5e491abfca28715e37deeab31dc11419ace073eeecc681bf4; Download | Favorite | View

Apple Security Advisory 2019-8-13-2: Posted Aug 14, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-8-13-2 - iOS 12.4 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | apple, ios; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684; SHA-256 | b98e7cd927afee1903b1b3a7c757e97c4d76ba11e133c4498d01036e781da6da; Download | Favorite | View

Apple Security Advisory 2019-8-13-1: Posted Aug 14, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-8-13-1 - Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra.; tags | advisory; systems | apple; advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697, CVE-2019-9506; SHA-256 | 6266eca3896b7b39a8d738262e16698fe6e05863fe32766e7503eb368caf528d; Download | Favorite | View

Apple Security Advisory 2019-7-22-5: Posted Jul 23, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-7-22-5 - tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.; tags | advisory, vulnerability, code execution, xss; systems | apple; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687; SHA-256 | a073d5ed8110ce510716aaf1b4327d7e54f250576137583621a10b137bdd1d21; Download | Favorite | View

Apple Security Advisory 2019-7-22-2: Posted Jul 23, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-7-22-2 - macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple; advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8670, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697; SHA-256 | 06edb784a4752aa4a94e3f66afb745716e5fc85ffa3efeaa7239483824f55009; Download | Favorite | View

Apple Security Advisory 2019-7-22-4: Posted Jul 23, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-7-22-4 - watchOS 5.3 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | apple; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689; SHA-256 | 05143da45f0a4a4a85ef183b070438591e5fb6f8ce9f083e0deaf3fa0438537c; Download | Favorite | View

Apple Security Advisory 2019-7-22-1: Posted Jul 22, 2019; Authored by Apple | Site apple.com; Apple Security Advisory 2019-7-22-1 - iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | apple, ios; advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684; SHA-256 | 98652db38a2c68e39ff0f8a5d43718e1f059313953f3baf2ab01cbbceebec0b7; Download | Favorite | View

Debian Security Advisory 4455-1: Posted Jun 3, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4455-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2018-16860, CVE-2019-12098; SHA-256 | 34fb9260f06657469efd3fcc207d0a3f9bdd4ceb2e09ef50bcedaf28242118d4; Download | Favorite | View

Debian Security Advisory 4443-1: Posted May 15, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4443-1 - Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation.; tags | advisory; systems | linux, debian; advisories | CVE-2018-16860; SHA-256 | fb25e12c7143ff8b5e03faf896f26ee71a527079e816ff24c5e5022deb9629af; Download | Favorite | View

Ubuntu Security Notice USN-3976-2: Posted May 15, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3976-2 - USN-3976-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2018-16860; SHA-256 | dc238c801fb491a6deeff0ae33473ba76059857751a81303fa6bc4757e001b57; Download | Favorite | View

Ubuntu Security Notice USN-3976-1: Posted May 14, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3976-1 - Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2018-16860; SHA-256 | dd0a1a6394e8291ab9afd43a7fe9011256f9949be69dcaaa57db35a38fd62ecd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2018-16860

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems