A double-free was found when Samba's KDC is used as an Active Directory Domain Controller. An authenticated attacker could use this flaw to cause a denial of service (application crash).
A flaw was found in Samba from 4.3.0 versions. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. This could result in a Denial of Service attack.
Created samba tracking bugs for this issue:
Affects: fedora-all [bug 1654082]
Name: The Samba Team
Upstream: Alex MacCuish
This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.