vulnerability
Ubuntu: (Multiple Advisories) (CVE-2018-16860): Samba vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:P/I:P/A:P) | May 14, 2019 | May 15, 2019 | Apr 16, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Published
May 14, 2019
Added
May 15, 2019
Modified
Apr 16, 2026
Description
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
Solutions
ubuntu-pro-upgrade-heimdal-clientsubuntu-pro-upgrade-heimdal-clients-xubuntu-pro-upgrade-heimdal-kcmubuntu-pro-upgrade-heimdal-kdcubuntu-pro-upgrade-heimdal-serversubuntu-pro-upgrade-heimdal-servers-xubuntu-pro-upgrade-libgssapi3-heimdalubuntu-pro-upgrade-libkdc2-heimdalubuntu-pro-upgrade-libkrb5-26-heimdalubuntu-pro-upgrade-sambaubuntu-upgrade-heimdal-clientsubuntu-upgrade-heimdal-kcmubuntu-upgrade-heimdal-kdcubuntu-upgrade-heimdal-serversubuntu-upgrade-libgssapi3-heimdalubuntu-upgrade-libkdc2-heimdalubuntu-upgrade-libkrb5-26-heimdalubuntu-upgrade-samba
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.