CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%
All versions of Samba from 4.0.0 include an embedded copy of Heimdal
Kerberos. Heimdal has made a security release, which disclosed:
Fix CVE-2017-11103: Orpheusβ Lyre KDC-REP service name validation
This is a critical vulnerability.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in βenc_partβ instead of the unencrypted version
stored in βticketβ. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
See https://www.orpheus-lyre.info/ for more details.
The impact for Samba is particularly strong for cases where the Samba
DRS replication service contacts another DC requesting replication
of user passwords, as these could then be controlled by the attacker.
A patch addressing this defect has been posted to
https://www.samba.org/samba/security/
Additionally, Samba 4.6.6, 4.5.12 and 4.4.15 have been issued as security
releases to correct the defect. Samba vendors and administrators running
affected versions linked against the embedded Heimdal Kerberos are advised to
upgrade or apply the patch as soon as possible.
Samba versions built against MIT Kerberos are not impacted. Unless
you are running Samba as an AD DC, then rebuild samba using:
./configure --with-system-mitkrb5.
This problem was identified in Heimdal by Jeffrey Altman, Viktor
Duchovni and Nico Williams.
Andrew Bartlett, Garming Sam and Bob Campbell of Catalyst and the
Samba Team ported the fix to Samba and wrote this advisory.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%