28 Nov 2018
CVE-2018-16841 - CVE Vulnerability
Samba versions from 4.3.0 and before 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. (CVSS:0.0) (Last Update:2018-11-28)
Publish Date: 2018-11-28. Last Update Date: 2018-11-28.
- Metasploit Modules Related To CVE-2018-16841: There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).