
CVE-2018-16860

Status Candidate

Overview

A flaw was found in Samba's Heimdal KDC implementation, versions 4.8.x before 4.8.12, 4.9.x before 4.9.8, and 4.10.x before 4.10.3, when used in AD DC mode. A man-in-the-middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC, effectively obtaining a ticket for that principal.

Related Files

Gentoo Linux Security Advisory 202003-52
Posted Mar 26, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-52 - Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Versions less than 4.11.6 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857, CVE-2018-16860, CVE-2019-10197, CVE-2019-14861, CVE-2019-14870, CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
SHA-256 | 78ecd3bc02b0f10129021084736ee7cc0c9408898c589745d90193370efe75aa

Apple Security Advisory 2019-8-13-4
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-4 - tvOS 12.4 addresses code execution, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687
SHA-256 | 5c16cf4f39ac871a1aa20bbd43173cd98409ef2952a531eca72daf8b66676b69

Apple Security Advisory 2019-8-13-3
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-3 - watchOS 5.3 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689, CVE-2019-9506
SHA-256 | 8687e23349eecbb5e491abfca28715e37deeab31dc11419ace073eeecc681bf4

Apple Security Advisory 2019-8-13-2
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-2 - iOS 12.4 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684
SHA-256 | b98e7cd927afee1903b1b3a7c757e97c4d76ba11e133c4498d01036e781da6da

Apple Security Advisory 2019-8-13-1
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-1 - Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra.

tags | advisory
systems | apple
advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697, CVE-2019-9506
SHA-256 | 6266eca3896b7b39a8d738262e16698fe6e05863fe32766e7503eb368caf528d

Apple Security Advisory 2019-7-22-5
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-5 - tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687
SHA-256 | a073d5ed8110ce510716aaf1b4327d7e54f250576137583621a10b137bdd1d21

Apple Security Advisory 2019-7-22-2
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-2 - macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8670, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697
SHA-256 | 06edb784a4752aa4a94e3f66afb745716e5fc85ffa3efeaa7239483824f55009

Apple Security Advisory 2019-7-22-4
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-4 - watchOS 5.3 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689
SHA-256 | 05143da45f0a4a4a85ef183b070438591e5fb6f8ce9f083e0deaf3fa0438537c

Apple Security Advisory 2019-7-22-1
Posted Jul 22, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-1 - iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684
SHA-256 | 98652db38a2c68e39ff0f8a5d43718e1f059313953f3baf2ab01cbbceebec0b7

Debian Security Advisory 4455-1
Posted Jun 3, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4455-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-16860, CVE-2019-12098
SHA-256 | 34fb9260f06657469efd3fcc207d0a3f9bdd4ceb2e09ef50bcedaf28242118d4

Debian Security Advisory 4443-1
Posted May 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4443-1 - Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation.

tags | advisory
systems | linux, debian
advisories | CVE-2018-16860
SHA-256 | fb25e12c7143ff8b5e03faf896f26ee71a527079e816ff24c5e5022deb9629af

Ubuntu Security Notice USN-3976-2
Posted May 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3976-2 - USN-3976-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-16860
SHA-256 | dc238c801fb491a6deeff0ae33473ba76059857751a81303fa6bc4757e001b57

Ubuntu Security Notice USN-3976-1
Posted May 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3976-1 - Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-16860
SHA-256 | dd0a1a6394e8291ab9afd43a7fe9011256f9949be69dcaaa57db35a38fd62ecd

© 2022 Packet Storm. All rights reserved.