---

CVE-2018-1057 - log back

CVE-2018-1057 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.
References	+ https://www.samba.org/samba/security/CVE-2018-1057.html + https://wiki.samba.org/index.php/CVE-2018-1057 + https://github.com/samba-team/samba/commit/50e7788603b97104fe116a07ab14a1d1148f4405 + https://github.com/samba-team/samba/commit/c80456855197f9fe9ef497a7fc94504c28445343 + https://github.com/samba-team/samba/commit/ab7dc210e9aedc1222055822ff296e4a67cfb27b + https://github.com/samba-team/samba/commit/407a34c73fcd666c22776bbc4aa56d02c0683463 + https://github.com/samba-team/samba/commit/3e6621fe58014f19477633b1c0b54288550f0e87 + https://github.com/samba-team/samba/commit/9dd7dd9ebba8d449feea66695fab3cbbb22d00e8 + https://github.com/samba-team/samba/commit/766ab4c52b06532f2dd8801ccf5d4aadf07a098e + https://github.com/samba-team/samba/commit/0e15ce12e1e9733f1e8eb13e77cbcdd0aea29f29 + https://github.com/samba-team/samba/commit/39e689aa703536330083bfc4d58d15a2521e0f95 + https://github.com/samba-team/samba/commit/2fea9ee701fed0417d8f681238663b7b00c451f8 + https://github.com/samba-team/samba/commit/c653e51a3d991e0e08327186881b324b85106f0d + https://github.com/samba-team/samba/commit/b23bf04caeb196da9515addbcdf17db0723ee553 + https://github.com/samba-team/samba/commit/fbd16473ecf073f86e36f9e29a80151272661dce
Notes