CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
90.1%
Severity: Critical
Date : 2018-03-13
CVE-ID : CVE-2018-1050 CVE-2018-1057
Package : samba
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-651
The package samba before version 4.7.6-1 is vulnerable to multiple
issues including access restriction bypass and denial of service.
Upgrade to 4.7.6-1.
The problems have been fixed upstream in version 4.7.6.
Ensure the parameter:
rpc_server:spoolss = external
is not set in the [global] section of your smb.conf.
Revoke the change passwords right for ‘the world’ from all user objects
(including computers) in the directory, leaving only the right to
change a user’s own password.
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
service attack when the RPC spoolss service is configured to be run as
an external daemon. Missing input sanitization checks on some of the
input parameters to spoolss RPC calls could cause the print spooler
service to crash.
On a Samba 4 AD DC any authenticated user can change other users’
passwords over LDAP, including the passwords of administrative users
and service accounts.
A remote attacker is able to change other users passwords on a Samba 4
AD DC or perform a denial of service attack by sending a specially
crafted request to the spoolss service.
https://lists.samba.org/archive/samba-announce/2018/000435.html
https://www.samba.org/samba/security/CVE-2018-1050.html
https://github.com/samba-team/samba/commit/c41895be8222199ffe69749e32afc9946517f63f
https://www.samba.org/samba/security/CVE-2018-1057.html
https://wiki.samba.org/index.php/CVE-2018-1057
https://github.com/samba-team/samba/commit/50e7788603b97104fe116a07ab14a1d1148f4405
https://github.com/samba-team/samba/commit/c80456855197f9fe9ef497a7fc94504c28445343
https://github.com/samba-team/samba/commit/ab7dc210e9aedc1222055822ff296e4a67cfb27b
https://github.com/samba-team/samba/commit/407a34c73fcd666c22776bbc4aa56d02c0683463
https://github.com/samba-team/samba/commit/3e6621fe58014f19477633b1c0b54288550f0e87
https://github.com/samba-team/samba/commit/9dd7dd9ebba8d449feea66695fab3cbbb22d00e8
https://github.com/samba-team/samba/commit/766ab4c52b06532f2dd8801ccf5d4aadf07a098e
https://github.com/samba-team/samba/commit/0e15ce12e1e9733f1e8eb13e77cbcdd0aea29f29
https://github.com/samba-team/samba/commit/39e689aa703536330083bfc4d58d15a2521e0f95
https://github.com/samba-team/samba/commit/2fea9ee701fed0417d8f681238663b7b00c451f8
https://github.com/samba-team/samba/commit/c653e51a3d991e0e08327186881b324b85106f0d
https://github.com/samba-team/samba/commit/b23bf04caeb196da9515addbcdf17db0723ee553
https://github.com/samba-team/samba/commit/fbd16473ecf073f86e36f9e29a80151272661dce
https://security.archlinux.org/CVE-2018-1050
https://security.archlinux.org/CVE-2018-1057
github.com/samba-team/samba/commit/0e15ce12e1e9733f1e8eb13e77cbcdd0aea29f29
github.com/samba-team/samba/commit/2fea9ee701fed0417d8f681238663b7b00c451f8
github.com/samba-team/samba/commit/39e689aa703536330083bfc4d58d15a2521e0f95
github.com/samba-team/samba/commit/3e6621fe58014f19477633b1c0b54288550f0e87
github.com/samba-team/samba/commit/407a34c73fcd666c22776bbc4aa56d02c0683463
github.com/samba-team/samba/commit/50e7788603b97104fe116a07ab14a1d1148f4405
github.com/samba-team/samba/commit/766ab4c52b06532f2dd8801ccf5d4aadf07a098e
github.com/samba-team/samba/commit/9dd7dd9ebba8d449feea66695fab3cbbb22d00e8
github.com/samba-team/samba/commit/ab7dc210e9aedc1222055822ff296e4a67cfb27b
github.com/samba-team/samba/commit/b23bf04caeb196da9515addbcdf17db0723ee553
github.com/samba-team/samba/commit/c41895be8222199ffe69749e32afc9946517f63f
github.com/samba-team/samba/commit/c653e51a3d991e0e08327186881b324b85106f0d
github.com/samba-team/samba/commit/c80456855197f9fe9ef497a7fc94504c28445343
github.com/samba-team/samba/commit/fbd16473ecf073f86e36f9e29a80151272661dce
lists.samba.org/archive/samba-announce/2018/000435.html
security.archlinux.org/AVG-651
security.archlinux.org/CVE-2018-1050
security.archlinux.org/CVE-2018-1057
wiki.samba.org/index.php/CVE-2018-1057
www.samba.org/samba/security/CVE-2018-1050.html
www.samba.org/samba/security/CVE-2018-1057.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
90.1%