8.8
CVE-2018-1057
- EPSS 10.31%
- Veröffentlicht 13.03.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:05
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10 SwEditionlts
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.31% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://security.gentoo.org/glsa/201805-07
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
https://security.netapp.com/advisory/ntap-20180313-0001/
https://usn.ubuntu.com/3595-1/
https://www.debian.org/security/2018/dsa-4135
http://www.securityfocus.com/bid/103382
http://www.securitytracker.com/id/1040494
https://bugzilla.redhat.com/show_bug.cgi?id=1553553
https://www.samba.org/samba/security/CVE-2018-1057.html
https://www.synology.com/support/security/Synology_SA_18_08