what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

CVE-2018-16860

Status Candidate

Overview

A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.

Related Files

Apple Security Advisory 2019-8-13-4
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-4 - tvOS 12.4 addresses code execution, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687
MD5 | 9410ec23a25b02097dfaa3ac5da2995f
Apple Security Advisory 2019-8-13-3
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-3 - watchOS 5.3 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689, CVE-2019-9506
MD5 | 1aed33ea01066aa1115abde850673601
Apple Security Advisory 2019-8-13-2
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-2 - iOS 12.4 addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684
MD5 | df916c854ed3a2729571ccd7d25fc811
Apple Security Advisory 2019-8-13-1
Posted Aug 14, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-8-13-1 - Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra.

tags | advisory
systems | apple
advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697, CVE-2019-9506
MD5 | 86af1a900e3371e1dc8751b5686fab1c
Apple Security Advisory 2019-7-22-5
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-5 - tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8686, CVE-2019-8687
MD5 | 6feffd1dbe96552cd66bd7e65c7f4cd2
Apple Security Advisory 2019-7-22-2
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-2 - macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2018-16860, CVE-2018-19860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8646, CVE-2019-8648, CVE-2019-8656, CVE-2019-8657, CVE-2019-8660, CVE-2019-8661, CVE-2019-8662, CVE-2019-8663, CVE-2019-8667, CVE-2019-8670, CVE-2019-8691, CVE-2019-8692, CVE-2019-8693, CVE-2019-8694, CVE-2019-8695, CVE-2019-8697
MD5 | 0cb56e1f776072ff7034f21c2cd175fa
Apple Security Advisory 2019-7-22-4
Posted Jul 23, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-4 - watchOS 5.3 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8624, CVE-2019-8641, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8657, CVE-2019-8658, CVE-2019-8659, CVE-2019-8660, CVE-2019-8662, CVE-2019-8665, CVE-2019-8669, CVE-2019-8672, CVE-2019-8676, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684, CVE-2019-8685, CVE-2019-8688, CVE-2019-8689
MD5 | 412bc678594c28b5a2d3b6c0a73f1f3c
Apple Security Advisory 2019-7-22-1
Posted Jul 22, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-7-22-1 - iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | apple, ios
advisories | CVE-2018-16860, CVE-2019-13118, CVE-2019-8641, CVE-2019-8644, CVE-2019-8646, CVE-2019-8647, CVE-2019-8648, CVE-2019-8649, CVE-2019-8657, CVE-2019-8658, CVE-2019-8660, CVE-2019-8662, CVE-2019-8663, CVE-2019-8665, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8682, CVE-2019-8683, CVE-2019-8684
MD5 | 23a3e8592a20a87f05acfd811218619a
Debian Security Advisory 4455-1
Posted Jun 3, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4455-1 - Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-16860, CVE-2019-12098
MD5 | cef4f2ca45de7d4f8bbbcf6901f098fe
Debian Security Advisory 4443-1
Posted May 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4443-1 - Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos extension used in Samba's Active Directory support was susceptible to man-in-the-middle attacks caused by incomplete checksum validation.

tags | advisory
systems | linux, debian
advisories | CVE-2018-16860
MD5 | 5c7d3ea173eb8e6307e20eb9c3b6b097
Ubuntu Security Notice USN-3976-2
Posted May 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3976-2 - USN-3976-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-16860
MD5 | 53301491a63cf9393f70191a62ca11c0
Ubuntu Security Notice USN-3976-1
Posted May 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3976-1 - Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-16860
MD5 | 51a65003855ccc2a6147d5c21c86398c
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close