Samba Heimdal Kerberos

Summary

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward, which include an embedded Heimdal Kerberos. Heimdal has made a security release, which disclosed:

Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

This is a critical vulnerability.

In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. See https://www.orpheus-lyre.info/ for more details.

The impact for Samba is particularly strong for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these could then be controlled by the attacker.
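
The service name check described above, sketched in C as an added example (this is not Heimdal's or Samba's code). The structs, function names and sample principals are simplified assumptions, and the model ignores name-types, canonicalization and referrals.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): a principal is just realm + one name string. */
struct principal { const char *realm; const char *name; };

struct kdc_rep_model {
    struct principal ticket_sname;   /* cleartext copy carried in 'ticket' */
    struct principal enc_part_sname; /* copy from 'enc_part', decrypted with the reply key */
};

static bool principal_eq(const struct principal *a, const struct principal *b) {
    return strcmp(a->realm, b->realm) == 0 && strcmp(a->name, b->name) == 0;
}

/* Behaviour before the fix: the name is read from the unencrypted 'ticket'. */
bool check_sname_unfixed(const struct kdc_rep_model *rep, const struct principal *want) {
    return principal_eq(&rep->ticket_sname, want);
}

/* Behaviour after the fix: only the name protected by 'enc_part' is trusted. */
bool check_sname_fixed(const struct kdc_rep_model *rep, const struct principal *want) {
    return principal_eq(&rep->enc_part_sname, want);
}

/* Detection aid: the two copies disagreeing is a signal worth logging. */
bool snames_disagree(const struct kdc_rep_model *rep) {
    return !principal_eq(&rep->ticket_sname, &rep->enc_part_sname);
}

/* Constructed sample data; realm and service names are placeholders. */
static const struct principal WANT = { "EXAMPLE.TEST", "cifs/dc1.example.test" };
static const struct kdc_rep_model HONEST_REP = {
    { "EXAMPLE.TEST", "cifs/dc1.example.test" },
    { "EXAMPLE.TEST", "cifs/dc1.example.test" } };
static const struct kdc_rep_model ALTERED_REP = {
    { "EXAMPLE.TEST", "cifs/dc1.example.test" },     /* cleartext matches the request */
    { "EXAMPLE.TEST", "cifs/other.example.test" } }; /* name the KDC actually issued */

int main(void) {
    printf("unfixed accepts altered reply: %d\n", check_sname_unfixed(&ALTERED_REP, &WANT));
    printf("fixed accepts altered reply:   %d\n", check_sname_fixed(&ALTERED_REP, &WANT));
    printf("fixed accepts honest reply:    %d\n", check_sname_fixed(&HONEST_REP, &WANT));
    printf("altered reply flagged:         %d\n", snames_disagree(&ALTERED_REP));
    return 0;
}
```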


Unaffected Quantum Products

The following Quantum products are known to be unaffected by the Samba Heimdal Kerberos vulnerability:


Vulnerable Quantum Products

Versions of the following Quantum products are known to be vulnerable to the Samba Heimdal Kerberos vulnerability:


Impact

For StorNext NAS, the impact can be particularly intense for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these can then be controlled by the attacker.


Solution

The vulnerability in StorNext NAS was eliminated with the release of StorNext NAS 1.4.1.1.

References

Contact Information

In the US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 324 185. You will need your system serial number. For additional contact information, go to http://www.quantum.com/serviceandsupport/get-help/index.aspx#contact-support