Bug 1116324 (CVE-2018-16853) - VUL-0: CVE-2018-16853: samba: Mark MIT support for the AD DC experimental (related to CVE-2018-16853)
Status: RESOLVED FIXED
Alias: CVE-2018-16853
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: The 'Opening Windows to a Wider World' guys
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/219362/
Whiteboard: CVSSv3:RedHat:CVE-2018-16853:7.5:(AV:...
Reported: 2018-11-16 11:02 UTC by Marcus Meissner
Modified: 2019-11-30 15:39 UTC

Comment 2 Marcus Meissner 2018-11-27 10:15:01 UTC
https://www.samba.org/samba/security/CVE-2018-16853.html


CVE-2018-16853.html

====================================================================
== Subject:     Samba AD DC S4U2Self Crash in experimental
==              MIT Kerberos configuration (unsupported)
==
== CVE ID#:     CVE-2018-16853 
==
== Versions:    Samba 4.7.0 and later versions
==
== Summary:     A user in a Samba AD domain can crash the MIT KDC
==              by requesting an S4U2Self ticket.  
====================================================================

===========
Description
===========

A user in a Samba AD domain can crash the KDC when Samba is built in
the non-default MIT Kerberos configuration.

With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental.  Therefore the Samba Team will not
issue security patches for this configuration.

==================
Patch Availability
==================

Patches addressing parts of this issue have been posted to:

    https://bugzilla.samba.org/show_bug.cgi?id=13571

Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as
security releases to prevent building of the AD DC with MIT Kerberos
unless --with-experimental-mit-ad-dc is specified to the configure
command.  Samba administrators are advised to recompile Samba with the
default internal Heimdal Kerberos build as soon as possible by
removing --with-system-mitkrb5 from the configure command and
rebuilding Samba.

=========================
Workaround and mitigation
=========================

The default Heimdal build of Samba is not vulnerable.

=======
Credits
=======

Originally reported by Isaac Boukris.

Patches to disable the build provided by Andrew Bartlett of Catalyst
and the Samba team.

====================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
====================================================================
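A build check that follows from the advisory quoted above, added here as an example and not part of the Samba advisory or of this bug's comments: it classifies a host by the Kerberos implementation Samba was compiled against and by whether it is configured as an AD DC. It assumes that `smbd -b` lists `HAVE_LIBKADM5SRV_MIT` for MIT builds and `SAMBA4_USES_HEIMDAL` for Heimdal builds, and that smb.conf sets `server role` explicitly on a DC; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Samba or SUSE code).
# Assumption: the build-option names below appear in `smbd -b` output.

# Constructed samples of the relevant `smbd -b` lines, for offline use.
SAMPLE_MIT='   HAVE_KRB5_H
   HAVE_LIBKADM5SRV_MIT'
SAMPLE_HEIMDAL='   HAVE_KRB5_H
   SAMBA4_USES_HEIMDAL'

# classify_build BUILD_OPTIONS SERVER_ROLE
# Prints one of:
#   mit-ad-dc   MIT Kerberos build acting as AD DC (configuration in the advisory)
#   mit-not-dc  MIT Kerberos build, but not configured as an AD DC
#   heimdal     default internal Heimdal build
#   unknown     neither marker found; inspect the build by hand
classify_build() {
    opts=$1
    role=$2
    if printf '%s\n' "$opts" | grep -q 'HAVE_LIBKADM5SRV_MIT'; then
        case $role in
            *"active directory domain controller"*) echo mit-ad-dc ;;
            *) echo mit-not-dc ;;
        esac
    elif printf '%s\n' "$opts" | grep -q 'SAMBA4_USES_HEIMDAL'; then
        echo heimdal
    else
        echo unknown
    fi
}

# check_local: run the classification against the Samba installed on this host.
# Returns 2 when smbd is not installed.
check_local() {
    command -v smbd >/dev/null 2>&1 || { echo "smbd not found" >&2; return 2; }
    classify_build "$(smbd -b 2>/dev/null)" \
        "$(testparm -s --parameter-name='server role' 2>/dev/null)"
}
```

Calling `check_local` on a domain controller and getting `mit-ad-dc` means the host runs the configuration the advisory declares experimental and unpatched.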
Comment 3 Swamp Workflow Management 2018-12-10 20:10:42 UTC
SUSE-SU-2018:4066-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1068059,1087303,1087931,1101499,1102230,1116319,1116320,1116322,1116324
CVE References: CVE-2018-14629,CVE-2018-16841,CVE-2018-16851,CVE-2018-16853
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
SUSE Linux Enterprise High Availability 15 (src):    samba-4.7.11+git.140.6bd0e5b30d8-4.21.1
Comment 5 Samuel Cabrero 2019-01-14 10:27:42 UTC
Released.