Test ID:	1.3.6.1.4.1.25623.1.0.811522
Category:	General
Title:	Samba Man in the Middle Security Bypass Vulnerability (Heimdal)
Summary:	Samba is prone to a MITM authentication validation bypass vulnerability.
Description:	Summary: Samba is prone to a MITM authentication validation bypass vulnerability. Vulnerability Insight: The flaw is due to error in function '_krb5_extract_ticket' where the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. Vulnerability Impact: Successfully exploiting this issue will allow a MITM attacker to impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. Affected Software/OS: All versions of Samba from 4.0.0 before 4.6.6 or 4.5.12 or 4.4.15. Note: All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos. Samba binaries built against MIT Kerberos are not vulnerable. Solution: Upgrade to Samba 4.6.6 or 4.5.12 or 4.4.15 or later or apply the patch from below. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11103 BugTraq ID: 99551 http://www.securityfocus.com/bid/99551 Debian Security Information: DSA-3912 (Google Search) http://www.debian.org/security/2017/dsa-3912 FreeBSD Security Advisory: FreeBSD-SA-17:05 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc https://www.orpheus-lyre.info/ http://www.securitytracker.com/id/1038876 http://www.securitytracker.com/id/1039427
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.