CVE-2018-16860

Name	CVE-2018-16860
Description	A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1788-1, DSA-4443-1, DSA-4455-1
Debian Bugs	928966

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
heimdal (PTS)	buster	7.5.0+dfsg-3	fixed
	buster (security)	7.5.0+dfsg-3+deb10u2	fixed
	bullseye (security), bullseye	7.7.0+dfsg-2+deb11u3	fixed
	bookworm	7.8.git20221117.28daf24+dfsg-2	fixed
	trixie	7.8.git20221117.28daf24+dfsg-4	fixed
	sid	7.8.git20221117.28daf24+dfsg-5	fixed
samba (PTS)	buster	2:4.9.5+dfsg-5+deb10u3	fixed
	buster (security)	2:4.9.5+dfsg-5+deb10u5	fixed
	bullseye	2:4.13.13+dfsg-1~deb11u5	fixed
	bullseye (security)	2:4.13.13+dfsg-1~deb11u6	fixed
	bookworm, bookworm (security)	2:4.17.12+dfsg-0+deb12u1	fixed
	trixie	2:4.19.5+dfsg-1	fixed
	sid	2:4.19.6+dfsg-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
heimdal	source	stretch	7.1.0+dfsg-13+deb9u3	DSA-4455-1
heimdal	source	(unstable)	7.5.0+dfsg-3		928966
samba	source	jessie	2:4.2.14+dfsg-0+deb8u13	DLA-1788-1
samba	source	stretch	2:4.5.16+dfsg-1+deb9u2	DSA-4443-1
samba	source	(unstable)	2:4.9.5+dfsg-4

Notes

[jessie] - heimdal <no-dsa> (Minor issue)
https://www.samba.org/samba/security/CVE-2018-16860.html
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba