A flaw was found in the way Samba AD DC validated user permissions. An authenticated attacker could use this flaw to change any other users passwords, including administrative users.
Find out more about CVE-2018-1057 from the MITRE CVE dictionary dictionary and NIST NVD.
The versions of samba shipped with Red Hat Enterprise Linux 6 and 7 do not support Active Directory Domain Controller (AD-DC) mode. Therefore this flaw does not affect Red Hat Enterprise Linux 6 and 7.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 7.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Attack Vector | Adjacent Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Package | State |
---|---|---|
Red Hat Gluster Storage 3 | samba | Not affected |
Red Hat Enterprise Linux 7 | samba | Not affected |
Red Hat Enterprise Linux 6 | samba | Not affected |
Red Hat Enterprise Linux 6 | samba4 | Not affected |
Red Hat Enterprise Linux 5 | samba | Not affected |
Red Hat Enterprise Linux 5 | samba3x | Not affected |
Revoke the change passwords right for everyone from all user objects (including computers) in the directory. Note that this will prevent users from being able to change their own expired passwords, so the maximum password age should be set to a value that prevents user passwords from expiring while the workaround is in place. For more information please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1553553#c3