Launchpad CVE tracker

CVE 2018-1057

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

Related bugs and status

CVE-2018-1057 (Candidate) is related to these bugs:

Bug #1755057: Samba 4.7.4 should not be shipped as an AD DC

Summary				In	Importance	Status
	1755057	Samba 4.7.4 should not be shipped as an AD DC		samba (Ubuntu)	High	Fix Released

Bug #1755059: Samba [Bug 13272] [SECURITY] CVE-2018-1057

		In	Importance	Status
1755059	Samba [Bug 13272] [SECURITY] CVE-2018-1057	samba (Ubuntu)	High	Fix Released
1755059	Samba [Bug 13272] [SECURITY] CVE-2018-1057	samba (Ubuntu Xenial)	High	Fix Released
1755059	Samba [Bug 13272] [SECURITY] CVE-2018-1057	samba (Ubuntu Bionic)	High	Fix Released
1755059	Samba [Bug 13272] [SECURITY] CVE-2018-1057	samba (Ubuntu Trusty)	High	Fix Released
1755059	Samba [Bug 13272] [SECURITY] CVE-2018-1057	samba (Ubuntu Artful)	High	Fix Released

Bug #1778125: Please merge from debian's 4.8.2

Summary				In	Importance	Status
	1778125	Please merge from debian's 4.8.2		samba (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-1057

References