Lucene search

RedhatCVE-2018-1057

HistoryMar 13, 2018 - 4:29 p.m.

CVE-2018-1057

2018-03-1316:29:00

CWE-863

redhat

web.nvd.nist.gov

482

samba

ldap server

vulnerability

unauthorized access

password change

security issue

cve-2018-1057

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.011

Percentile

84.2%

JSON

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users’ passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Affected configurations

Nvd

Vulners

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10lts

debiandebian_linuxMatch8.0

Node

sambasambaRange4.0.0–4.5.16

sambasambaRange4.6.0–4.6.14

sambasambaRange4.7.0–4.7.6

VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux17.10cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:lts:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	17.10	cpe:2.3:o:canonical:ubuntu_linux:17.10::::lts:::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
samba	samba	*	cpe:2.3:a:samba:samba::::::::

CNA Affected

[
  {
    "product": "Samba",
    "vendor": "Samba",
    "versions": [
      {
        "status": "affected",
        "version": "All versions of Samba from 4.0.0 onwards."
      }
    ]
  }
]