CVE-2018-1139

Priority
Description
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of
weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A
man-in-the-middle attacker could use this flaw to read the credential and
other details passed between the samba server and client.
Notes
 mdeslaur> 4.7.0 to 4.8.3 only
Assigned-to
mdeslaur
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.7.9,4.8.4)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2:4.3.11+dfsg-0ubuntu0.14.04.14)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:4.3.11+dfsg-0ubuntu0.16.04.13)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:4.7.6+dfsg~ubuntu-0ubuntu2.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2:4.8.4+dfsg-2ubuntu1)
More Information

Updated: 2019-01-14 22:31:16 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)