AVG-651 log

Package	samba
Status	Fixed
Severity	Critical
Type	multiple issues
Affected	4.7.5-1
Fixed	4.7.6-1
Current	2:4.21.1-1 [extra]
Ticket	None
Created	Tue Mar 13 12:43:54 2018

Issue	Severity	Remote	Type	Description
CVE-2018-1057	Critical	Yes	Access restriction bypass	On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.
CVE-2018-1050	Medium	Yes	Denial of service	All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external...

Issue

Severity

Remote

Type

Description

CVE-2018-1057

Critical

Yes

Access restriction bypass

On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.

CVE-2018-1050

Medium

Yes

Denial of service

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external...

Date	Advisory	Package	Type
13 Mar 2018	ASA-201803-10	samba	multiple issues

References
https://lists.samba.org/archive/samba-announce/2018/000435.html