PT-2018-1055 · Samba+3 · Samba+3

Björn Baumbach

Published

2018-03-13

Updated

2024-06-15

CVE-2018-1057

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Samba versions 4.0.0 and later

Description The issue is related to the LDAP server in Samba, specifically when configured as an Active Directory domain controller. It incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including those of administrative users and privileged service accounts, such as Domain Controllers. This is due to deficiencies in the authorization mechanism.

Recommendations For Samba versions 4.0.0 and later, consider restricting access to the LDAP server to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of authenticated users to change passwords of other users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALT-PU-2018-1411

ALT-PU-2018-1412

ALT-PU-2018-1497

ALT-PU-2018-1498

ALT-PU-2018-2488

ALT-PU-2018-2489

AZL-7346

BDU:2018-00368

CVE-2018-1057

DLA-1754-1

DSA-4135-1

ECHO-1EE2-55C5-A468

MGASA-2018-0201

OPENSUSE-SU-2018_1727-1

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:1687-1

SUSE-SU-2018_1687-1

USN-3595-1

Affected Products

Alt Linux

Samba

Suse

Ubuntu

PT-2018-1055 · Samba+3 · Samba+3

CVE-2018-1057

Weakness Enumeration

Related Identifiers

Affected Products

References · 113