CVE-2018-1057: Incorrect Authorization in Samba

Severity
8.8 HIGH NVD
OSV 4.3
EPSS: 7.7% (top 8.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 13
Latest update: May 13

Description

On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (8 packages)

NVD: samba/samba 4.0.0 4.5.16 +2
debian: debian/samba < samba 2:4.7.4+dfsg-2 (bookworm)
Debian: samba/samba < 2:4.7.4+dfsg-2 +3
Ubuntu: samba/samba < 2:4.3.11+dfsg-0ubuntu0.14.04.14 +1
CVEListV5: samba/samba All versions of Samba from 4.0.0 onwards.

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴 Vulnerability Details (3)

GHSA: GHSA-6r4h-vw53-wmvv: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4 (2022-05-13)
OSV: samba vulnerabilities (2018-03-13)
OSV: CVE-2018-1057: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4 (2018-03-13)

📋 Vendor Advisories (4)

Ubuntu: Samba vulnerabilities (2018-03-13)
Red Hat: samba: Authenticated users can change other users password in an AD DC configuration (2018-03-13)
Microsoft: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' p (2018-03-13)
Debian: CVE-2018-1057: samba - On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards i... (2018)

🕵️ Threat Intelligence (2)

Tenable: April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability (2018-04-27)
Tenable: April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability (2018-04-27)

💬 Community (3)

Bugzilla: CVE-2018-1057 samba: Authenticated users can change other users password in an AD DC configuration [fedora-all] (2018-03-13)
Bugzilla: CVE-2018-1057 samba: Authenticated users can change other users password in an AD DC configuration (2018-03-09)
Bugzilla: CVE-2018-5785 openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (2018-01-23)