Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1057

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Published

2018-03-13T16:29:00.287

Last Modified

2024-11-21T03:59:05.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-863
  • Type: Primary
    CWE-863
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System canonical ubuntu_linux 14.04 Yes
Operating System canonical ubuntu_linux 16.04 Yes
Operating System canonical ubuntu_linux 17.10 Yes
Operating System debian debian_linux 8.0 Yes
Application samba samba < 4.5.16 Yes
Application samba samba < 4.6.14 Yes
Application samba samba < 4.7.6 Yes
References