TTCSIRT-020.071717: TT-CSIRT Advisory – Samba Security Updates

TTCSIRT-020.071717: TT-CSIRT Advisory – Samba Security Updates

The Samba Team has reported a critical vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A Man-In-The-Middle Attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data.

A patch addressing this defect has been posted to https://www.samba.org/samba/security/ while Samba 4.6.6, 4.5.12 and 4.4.15 have been issued as security releases to correct the defect.

Samba vendors and administrators running affected versions linked against the embedded Heimdal Kerberos are advised to upgrade or apply the patch as soon as possible.