CVE-2018-1057

Sažetak

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Reference

https://www.samba.org/samba/security/CVE-2018-1057.html
https://bugzilla.redhat.com/show_bug.cgi?id=1553553
https://www.debian.org/security/2018/dsa-4135
https://security.netapp.com/advisory/ntap-20180313-0001/
http://www.securitytracker.com/id/1040494
http://www.securityfocus.com/bid/103382
https://www.synology.com/support/security/Synology_SA_18_08
https://usn.ubuntu.com/3595-1/
https://security.gentoo.org/glsa/201805-07
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2022 - 20:11

Objavljeno

13-03-2018 - 16:29