CVE-2018-16857

2025-06-10 02:04:31 +00:00 · 2018-11-28 15:25:44 +10:00 · 2018-11-28 15:25:44 +10:00 · 0bf9d91392
commit 0bf9d91392
parent 55db842269
1 changed files with 72 additions and 16 deletions
--- a/2018/16xxx/CVE-2018-16857.json
+++ b/2018/16xxx/CVE-2018-16857.json
@ -1,18 +1,74 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-16857",
-      "STATE" : "RESERVED"
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2018-16857",
+        "ASSIGNER": "sfowler@redhat.com"
    },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+    "affects": {
+        "vendor": {
+            "vendor_data": [
                {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "samba",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "4.9.3"
                                        }
                                    ]
                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-358"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.samba.org/samba/security/CVE-2018-16857.html"
+            },
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16857",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier.  In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
+    }
 }