CVE-2018-1057
HIGHCanonical Ubuntu Linux < 4.5.16 - Incorrect Authorization
Title source: ruleDescription
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103382
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4135
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3595-1/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040494
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201805-07
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180313-0001/
Mitigation, Vendor Advisory x_refsource_confirm
https://www.samba.org/samba/security/CVE-2018-1057.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1553553
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_08
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Scores
CVSS v3
8.8
EPSS
0.0772
EPSS Percentile
92.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (5)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.10
debian/debian_linux
8.0
samba/samba
4.0.0 - 4.5.16
Published
Mar 13, 2018
Tracked Since
Feb 18, 2026