Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2018-072-02
HistoryMar 13, 2018 - 10:18 p.m.

[slackware-security] samba

2018-03-1322:18:59
Slackware Linux Project
www.slackware.com
25

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.2%

JSON

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security a issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/samba-4.4.16-i586-3_slack14.2.txz: Rebuilt.
This is a security update in order to patch the following defect:
On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users`
passwords, including administrative users.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-1057.html
https://wiki.samba.org/index.php/CVE-2018-1057
https://vulners.com/cve/CVE-2018-1057
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/samba-4.4.16-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/samba-4.4.16-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.4.16-i486-3_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.4.16-x86_64-3_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/samba-4.4.16-i586-3_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/samba-4.4.16-x86_64-3_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.7.6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.7.6-x86_64-1.txz

MD5 signatures:

Slackware 14.0 package:
a1a1599d89b059ef1d691738f7915308 samba-4.4.16-i486-3_slack14.0.txz

Slackware x86_64 14.0 package:
92c5f951ccb34995dd49b3e8b1970a1d samba-4.4.16-x86_64-3_slack14.0.txz

Slackware 14.1 package:
7a69136850a4aac5a867d69cf802ab4d samba-4.4.16-i486-3_slack14.1.txz

Slackware x86_64 14.1 package:
eb5e35741571239fecfdbcca449443e8 samba-4.4.16-x86_64-3_slack14.1.txz

Slackware 14.2 package:
59124573ebc40f661831cad85733eaff samba-4.4.16-i586-3_slack14.2.txz

Slackware x86_64 14.2 package:
091d031ea7c0813152befa181d741320 samba-4.4.16-x86_64-3_slack14.2.txz

Slackware -current package:
7466d1ab6dab155a9e4380e6fd76c76e n/samba-4.7.6-i586-1.txz

Slackware x86_64 -current package:
f2c65a4b862389e3f251e40a151b5b6e n/samba-4.7.6-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg samba-4.4.16-i586-3_slack14.2.txz

Then, if Samba is running restart it:

> /etc/rc.d/rc.samba restart

Related

f5 1
samba 1
cvelist 1
nessus 11
redhatcve 1
openvas 15
nvd 1
checkpoint_advisories 1
cbl_mariner 1
osv 3
cve 1
zdt 1
veracode 1
ubuntucve 1
alpinelinux 1
prion 1
debiancve 1
suse 1
fedora 3
altlinux 6
ubuntu 1
debian 3
ibm 1
freebsd 1
threatpost 1
archlinux 1
mageia 1
thn 1
cisa 1
gentoo 1
f5
f5
K21595932 : Samba vulnerability CVE-2018-1057
2018-03-21 00:00:00
samba
samba
Authenticated users can change other users' password
2018-03-13 00:00:00
cvelist
cvelist
CVE-2018-1057
2018-03-13 16:00:00
nessus
nessus
Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2018-072-02)
2018-03-14 00:00:00
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1)
2018-06-14 00:00:00
openSUSE Security Update : samba (openSUSE-2018-649)
2018-06-18 00:00:00
redhatcve
redhatcve
CVE-2018-1057
2018-03-13 10:19:11
openvas
openvas
Slackware: Security Advisory (SSA:2018-072-02)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1687-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for samba (openSUSE-SU-2018:1727-1)
2018-06-17 00:00:00
nvd
nvd
CVE-2018-1057
2018-03-13 16:29:00
checkpoint_advisories
checkpoint_advisories
Samba LDAP AD DC Privilege Escalation (CVE-2018-1057)
2019-02-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-1057 affecting package samba for versions less than 4.12.5-6
2024-04-30 02:42:18
osv
osv
CVE-2018-1057
2018-03-13 16:29:00
samba - security update
2018-03-13 00:00:00
samba - security update
2019-04-09 00:00:00
cve
cve
CVE-2018-1057
2018-03-13 16:29:00
zdt
zdt
Samba 4.x Password Change Vulnerability
2018-03-16 00:00:00
veracode
veracode
Privilege Escalation
2020-05-10 23:21:23
ubuntucve
ubuntucve
CVE-2018-1057
2018-03-13 00:00:00
alpinelinux
alpinelinux
CVE-2018-1057
2018-03-13 16:29:00
prion
prion
Code injection
2018-03-13 16:29:00
debiancve
debiancve
CVE-2018-1057
2018-03-13 16:29:00
suse
suse
Security update for samba (moderate)
2018-06-16 15:14:49
fedora
fedora
[SECURITY] Fedora 27 Update: libldb-1.3.2-1.fc27
2018-03-14 19:40:43
[SECURITY] Fedora 26 Update: samba-4.6.14-0.fc26
2018-03-20 17:38:39
[SECURITY] Fedora 27 Update: samba-4.7.6-0.fc27
2018-03-14 19:40:44
altlinux
altlinux
Security fix for the ALT Linux 8 package samba version 4.6.14-alt1
2018-03-12 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.6.14-alt1
2018-03-12 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.6.14-alt1.1
2018-03-15 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2018-03-13 00:00:00
debian
debian
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
[SECURITY] [DLA 1754-1] samba security update
2019-04-09 20:33:14
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
freebsd
freebsd
samba -- multiple vulnerabilities
2018-01-03 00:00:00
threatpost
threatpost
Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 12:56:17
archlinux
archlinux
[ASA-201803-10] samba: multiple issues
2018-03-13 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2018-04-13 23:08:48
thn
thn
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
2018-03-13 10:05:00
cisa
cisa
Samba Releases Security Updates
2018-03-13 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2018-05-22 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.2%

JSON
Related for SSA-2018-072-02
f51samba1cvelist1nessus11redhatcve1openvas15nvd1checkpoint_advisories1cbl_mariner1osv3cve1zdt1veracode1ubuntucve1alpinelinux1prion1debiancve1suse1fedora3altlinux6ubuntu1debian3ibm1freebsd1threatpost1archlinux1mageia1thn1cisa1gentoo1