CVE-2018-1057

Source
https://cve.org/CVERecord?id=CVE-2018-1057
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1057.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1057
Downstream
Related
Published
2018-03-13T16:29:00.287Z
Modified
2026-04-11T12:06:33.317457Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other user's password, including those of administrative users and privileged service accounts (e.g. Domain Controllers).

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "17.10"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Database specific
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.5.16"
        },
        {
            "introduced": "4.6.0"
        },
        {
            "fixed": "4.6.14"
        },
        {
            "introduced": "4.7.0"
        },
        {
            "fixed": "4.7.6"
        }
    ]
}

Affected versions

ldb-1.*
ldb-1.2.3
samba-4.*
samba-4.6.0
samba-4.6.10
samba-4.6.12
samba-4.6.13
samba-4.6.3
samba-4.6.5
samba-4.6.7
samba-4.6.9
samba-4.7.0
samba-4.7.1
samba-4.7.2
samba-4.7.4
samba-4.7.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1057.json"