Vulnerability Database

289,782

Total vulnerabilities in the database

CVE-2018-1057

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

  • Published: Mar 13, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-1057
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
debian / debian_linux 8.0 8.0.x
canonical / ubuntu_linux 16.04 16.04.x
canonical / ubuntu_linux 14.04 14.04.x
canonical / ubuntu_linux 17.10 17.10.x
samba / samba 4.7.0 4.7.6
samba / samba 4.6.0 4.6.14
samba / samba 4.0.0 4.5.16