CVE-2018-1139

Impact: Moderate
Public Date: 2018-08-16
CWE: CWE-20
Bugzilla: 1589651: CVE-2018-1139 samba: Weak authentication protocol regression

A flaw was found in the way Samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credentials and other details passed between the Samba server and client.

Find out more about CVE-2018-1139 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 5.4
CVSS3 Base Metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: Low
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Gluster Storage 3.4 for RHEL 7 (samba) | RHSA-2018:2613 | 2018-09-04
Red Hat Gluster Storage 3.4 for RHEL 6 (samba) | RHSA-2018:2612 | 2018-09-04
Red Hat Enterprise Linux 7 (samba) | RHSA-2018:3056 | 2018-10-30

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | samba | Not affected
Red Hat Enterprise Linux 6 | samba4 | Not affected
Red Hat Enterprise Linux 5 | samba | Not affected
Red Hat Enterprise Linux 5 | samba3x | Not affected

Acknowledgements

This issue was discovered by Vivek Das (Red Hat).
