It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
- CentOS6 Unitrends' appliances (physical and/or virtual), fixed in Unitrends software release-10.3.8-4. Please update to latest version
- CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.