CVE-2018-1057

Priority
Description
On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0
onwards incorrectly validates permissions to modify passwords over LDAP,
allowing authenticated users to change any other users' passwords,
including those of administrative users and privileged service accounts
(e.g. Domain Controllers).
Notes
 mdeslaur> 4.0.0 onwards
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.7.6, 4.6.14, 4.5.16)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2:3.6.25-0ubuntu0.12.04.10)
Ubuntu 14.04 LTS (Trusty Tahr): released (2:4.3.11+dfsg-0ubuntu0.14.04.14)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.11+dfsg-0ubuntu0.16.04.13)
Ubuntu 18.04 LTS (Bionic Beaver): released (2:4.7.6+dfsg~ubuntu-0ubuntu1)
More Information

Updated: 2019-03-19 12:30:14 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)