#VU10951 Improper access control in Samba - CVE-2018-1057

Cybersecurity Help s.r.o.

Published: 2018-03-13

Vulnerability identifier: #VU10951

Vulnerability risk: Medium

CVSSv4.0: 7.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2018-1057

CWE-ID: CWE-284

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description
The vulnerability allows a remote attacker to change password of arbitrary user on the server.

The vulnerability exists due to insufficient validation of user rights when changing passwords. An authenticated attacker can send a specially crated LDAP request to the directory server and change password of arbitrary AD user, including administrative accounts.

Mitigation
Apply patch from vendors website.

Vulnerable software versions

Samba: 4.0.0 - 4.0.26, 4.1.0 - 4.1.23, 4.2.0 - 4.2.14, 4.3.0 - 4.3.13, 4.4.0 rc4 - 4.4.16, 4.5.0 - 4.5.15, 4.6.0 - 4.6.13, 4.7.0 - 4.7.5

External links
https://www.samba.org/samba/security/CVE-2018-1057.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for samba

Gentoo update for Samba

Improper access control in samba (Alpine package)

Slackware Linux update for samba

Arch Linux update for samba

Debian update for samba

Multiple vulnerabilities in Samba