VULNERABILITY

Gentoo Linux: CVE-2018-16857: Samba: Multiple vulnerabilities

Try Surface Command Get a continuous 360° view of your attack surface
Back to Search

Gentoo Linux: CVE-2018-16857: Samba: Multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
11/28/2018
Created
03/28/2020
Added
03/27/2020
Modified
11/27/2024

Description

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.

Solution(s)

  • gentoo-linux-upgrade-net-fs-samba

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;