CVE-2018-16841
Description
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Sambas KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
9.418
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.8.4+dfsg-2ubuntu2.1_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.8.4+dfsg-2ubuntu2.1_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.7.6+dfsg~ubuntu-0ubuntu2.5_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.7.6+dfsg~ubuntu-0ubuntu2.5_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.3.11+dfsg-0ubuntu0.14.04.19_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.3.11+dfsg-0ubuntu0.14.04.19_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.3.11+dfsg-0ubuntu0.16.04.18_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3827-1) samba_4.3.11+dfsg-0ubuntu0.16.04.18_amd64.deb | Linux |
| samba security update(DSA-4345-1) samba_4.5.12+dfsg-2+deb9u4_i386.deb | Linux |
| samba security update(DSA-4345-1) samba_4.5.12+dfsg-2+deb9u4_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234