AZL-7346

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7346.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-7346

Upstream

CVE-2018-1057

Published

2018-03-13T16:29:00Z

Modified

2026-04-01T05:22:17.339225Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2018-1057 affecting package samba for versions less than 4.12.5-6

Details

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).

References

https://nvd.nist.gov/vuln/detail/CVE-2018-1057

Affected packages

Azure Linux:2 / samba

Package

Name: samba
Purl: pkg:rpm/azure-linux/samba

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.12.5-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7346.json"