SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
(Ubuntu Issues Fix) Samba Active Directory Domain Controller LDAP Permissions Error Lets Remote Authenticated Users Modify User Passwords on the Target System
SecurityTracker Alert ID:  1040501
SecurityTracker URL:  http://securitytracker.com/id/1040501
CVE Reference:   CVE-2018-1057
Date:  Mar 13 2018
Impact:   Modification of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.0 and after
Description:   A vulnerability was reported in Samba. A remote authenticated user can modify user passwords on the target system.

On an Active Directory (AD) domain controller (DC), the LDAP server does not properly validate permissions when modifying passwords via LDAP. A remote authenticated user can change the passwords of other users, including administrative users and service accounts, on the target system.

Bjorn Baumbach from SerNet reported this vulnerability.

Impact:   A remote authenticated user can change the passwords of other users, including administrative users and service accounts, on the target system.
Solution:   Ubuntu has issued a fix.

The Ubuntu advisory is available at:

Cause:   Access control error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  14.04 LTS, 16.04 LTS, 17.10

Message History:   This archive entry is a follow-up to the message listed below.
Mar 13 2018 Samba Active Directory Domain Controller LDAP Permissions Error Lets Remote Authenticated Users Modify User Passwords on the Target System



Copyright 2021, SecurityGlobal.net LLC