PublicDateAtUSN: 2018-08-14
Candidate: CVE-2018-1139
CRD: 2018-08-14
PublicDate: 2018-08-22 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139
 https://www.samba.org/samba/security/CVE-2018-1139.html
 https://ubuntu.com/security/notices/USN-3738-1
Description:
 A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of
 weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A
 man-in-the-middle attacker could use this flaw to read the credential and
 other details passed between the samba server and client.
Ubuntu-Description:
Notes:
 mdeslaur> 4.7.0 to 4.8.3 only
Bugs:
 https://bugzilla.samba.org/show_bug.cgi?id=13360
Priority: medium
Discovered-by: Vivek Das
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_samba:
upstream_samba: released (4.7.9,4.8.4)
precise/esm_samba: not-affected
trusty_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.14.04.14)
trusty/esm_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.14.04.14)
xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.13)
esm-infra/xenial_samba: not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.13)
bionic_samba: released (2:4.7.6+dfsg~ubuntu-0ubuntu2.2)
devel_samba: released (2:4.8.4+dfsg-2ubuntu1)