{
  "threat_severity" : "Moderate",
  "public_date" : "2018-08-16T00:00:00Z",
  "bugzilla" : {
    "description" : "samba: Weak authentication protocol regression",
    "id" : "1589651",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1589651"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "A flaw was found in the way Samba versions before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read credentials and other details passed between the Samba server and client.", "A flaw was found in the way Samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read credentials and other details passed between the Samba server and client." ],
  "acknowledgement" : "This issue was discovered by Vivek Das (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3056",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "samba-0:4.8.3-4.el7"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 6",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2612",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el6",
    "package" : "libtalloc-0:2.1.11-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 6",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2612",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el6",
    "package" : "libtdb-0:1.3.15-4.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 6",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2612",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el6",
    "package" : "libtevent-0:0.9.35-1.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 6",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2612",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el6",
    "package" : "samba-0:4.7.5-110.el6rhs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2613",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el7",
    "package" : "libtalloc-0:2.1.11-1.el7rhgs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2613",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el7",
    "package" : "libtdb-0:1.3.15-4.el7rhgs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2613",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el7",
    "package" : "libtevent-0:0.9.35-1.el7rhgs"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2018-09-04T00:00:00Z",
    "advisory" : "RHSA-2018:2613",
    "cpe" : "cpe:/a:redhat:storage:3.4:samba:el7",
    "package" : "samba-0:4.7.5-110.el7rhgs"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "samba3x",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "samba4",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "samba",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1139\nhttps://www.samba.org/samba/security/CVE-2018-1139.html" ],
  "name" : "CVE-2018-1139",
  "csaw" : false
}