CVE-2018-16841

Priority
Description
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are
vulnerable to a denial of service. When configured to accept smart-card
authentication, Samba's KDC will call talloc_free() twice on the same
memory if the principal in a validly signed certificate does not match the
principal in the AS-REQ. This is only possible after authentication with a
trusted certificate. talloc is robust against further corruption from a
double-free with talloc_free() and directly calls abort(), terminating the
KDC process.
Assigned-to
mdeslaur
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.7.12,4.8.7,4.9.3)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.6.25-0ubuntu0.12.04.16)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:4.3.11+dfsg-0ubuntu0.14.04.19)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:4.3.11+dfsg-0ubuntu0.16.04.18)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:4.7.6+dfsg~ubuntu-0ubuntu2.5)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2:4.8.4+dfsg-2ubuntu2.1)
Ubuntu 19.04 (Disco Dingo):needed
More Information

Updated: 2018-12-05 14:14:23 UTC (commit 9d35beeb9d40ed879dc7e2ee59c995c1872a11d6)