LDAP: Samba LDAP AD DC Privilege Escalation
This signature detects attempts to exploit a known vulnerability in Samba. Successful exploitation allows authenticated attackers to change other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers).
Extended Description
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
Affected Products
Samba samba
Short Name
LDAP:SAMBA-LDAP-AD-DC-PE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
LDAP
Keywords
AD CVE-2018-1057 DC Escalation LDAP Privilege Samba bid:103382
Release Date
03/27/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Samba
Debian
Canonical
CVSS Score
6.5