High severity8.8NVD Advisory· Published Mar 13, 2018· Updated Jun 17, 2026
CVE-2018-1057
CVE-2018-1057
Description
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9>=4.0.0+ 1 more
- (no CPE)range: >=4.0.0
- (no CPE)range: All versions of Samba from 4.0.0 onwards.
- osv-coords7 versionspkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 4.14.6+git.182.2205d5224e3-1.1+ 6 more
- (no CPE)range: < 4.14.6+git.182.2205d5224e3-1.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
- (no CPE)range: < 4.6.14+git.150.1540e575faf-3.24.1
Patches
Vulnerability mechanics
References
10- www.securityfocus.com/bid/103382nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040494nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/04/msg00013.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201805-07nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20180313-0001/nvdThird Party Advisory
- usn.ubuntu.com/3595-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4135nvdThird Party Advisory
- www.samba.org/samba/security/CVE-2018-1057.htmlnvdMitigationVendor Advisory
- www.synology.com/support/security/Synology_SA_18_08nvdThird Party Advisory
News mentions
0No linked articles in our index yet.