CVE-2018-1057
Description
On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other users' passwords, including those of administrative users and privileged service accounts (e.g. Domain Controllers).
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.724
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.6.7+dfsg-1ubuntu3.2_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.6.7+dfsg-1ubuntu3.2_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.3.11+dfsg-0ubuntu0.14.04.14_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.3.11+dfsg-0ubuntu0.14.04.14_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.3.11+dfsg-0ubuntu0.16.04.13_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba_4.3.11+dfsg-0ubuntu0.16.04.13_amd64.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba-dsdb-modules_4.6.7+dfsg-1ubuntu3.2_i386.deb | Linux |
| SMB/CIFS file, print, and login server for Unix (USN-3595-1) samba-dsdb-modules_4.6.7+dfsg-1ubuntu3.2_amd64.deb | Linux |
| samba security update (DSA-4135-1) samba_4.5.12+dfsg-2+deb9u2_i386.deb | Linux |
| samba security update (DSA-4135-1) samba_4.5.12+dfsg-2+deb9u2_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234