Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1057

Опубликовано: 13 мар. 2018
Источник: redhat
CVSS3: 7.4
EPSS Низкий

Описание

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

A flaw was found in the way Samba AD DC validated user permissions. An authenticated attacker could use this flaw to change any other users passwords, including administrative users.

Отчет

The versions of samba shipped with Red Hat Enterprise Linux 6 and 7 do not support Active Directory Domain Controller (AD-DC) mode. Therefore this flaw does not affect Red Hat Enterprise Linux 6 and 7.

Меры по смягчению последствий

Revoke the change passwords right for everyone from all user objects (including computers) in the directory. Note that this will prevent users from being able to change their own expired passwords, so the maximum password age should be set to a value that prevents user passwords from expiring while the workaround is in place. For more information please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1553553#c3

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sambaNot affected
Red Hat Enterprise Linux 5samba3xNot affected
Red Hat Enterprise Linux 6sambaNot affected
Red Hat Enterprise Linux 6samba4Not affected
Red Hat Enterprise Linux 7sambaNot affected
Red Hat Enterprise Linux 8sambaNot affected
Red Hat Storage 3sambaNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-863
https://bugzilla.redhat.com/show_bug.cgi?id=1553553samba: Authenticated users can change other users password in an AD DC configuration

EPSS

Процентиль: 91%
0.06724
Низкий

7.4 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1057

CVSS3: 8.8
ubuntu
почти 8 лет назад

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

nvd логотип

CVE-2018-1057

CVSS3: 8.8
nvd
почти 8 лет назад

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

msrc логотип

CVE-2018-1057

CVSS3: 8.8
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-1057

CVSS3: 8.8
debian
почти 8 лет назад

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 ...

suse-cvrf логотип

openSUSE-SU-2018:1727-1

suse-cvrf
больше 7 лет назад

Security update for samba

EPSS

Процентиль: 91%
0.06724
Низкий

7.4 High

CVSS3