Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 include an embedded Heimdal Kerberos. Heimdal has made a security release, which disclosed:
Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
This is a critical vulnerability.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. See https://www.orpheus-lyre.info/ for more details.
The impact for Samba is particularly strong for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these could then be controlled by the attacker.
Unaffected Quantum Products
The following Quantum products are known to be unaffected by the Samba Heimdal Kerberos:
Scalar Key Manager
Scalar Tape Libraries
StorNext Q-series QD/QS/QSX
Lattus (C5, A10, S10, S20, S30)
Xcellis Application Director
Vulnerable Quantum Products
Versions of the following Quantum products are known to be vulnerable to Samba Heimdal Kerberos:
For Stornext NAS, the impact can be particularly intense for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these can then be controlled by the attacker.
The vulnerability in StorNext NAS was eliminated with the release of StorNext NAS 220.127.116.11.
In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 324 185. You will need your system serial number. For additional contact information, go to