Intrusion Prevention

Samba.Active.Directory.LDAP.Password.Reset

Description

This indicates an attempt to exploit a privilege escalation vulnerability in the Samba server.
The vulnerability is due to an error in the Samba Active Directory DC implementation when changing a user password via LDAP. A remote attacker may be able to exploit this to reset the passwords of admin users on the affected system.

Affected Products

Samba Team Samba 4.0 to 4.4
Samba Team Samba 4.5 before 4.5.16
Samba Team Samba 4.6 before 4.6.14
Samba Team Samba 4.7 before 4.7.6
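
The version ranges above can be checked against an inventory of Samba version strings. The following is an added example, not part of the original advisory or of Samba; the function names and the sample strings are constructed for illustration, and the input is assumed to be a version string as reported by the host (for example the output of `smbd --version`).

```python
import re

# Fixed patch level per branch, taken from the "Affected Products" list above.
FIXED = {(4, 5): 16, (4, 6): 14, (4, 7): 6}
# Branches 4.0 to 4.4 are listed as affected with no fixed release given.
NO_FIX_LISTED = {(4, minor) for minor in range(0, 5)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch) from a string such as 'Version 4.7.5-Ubuntu'.
    patch is None when the string carries only major.minor."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no version number in %r" % text)
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)

def triage(text):
    """Classify a version string against the ranges listed on this page."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in NO_FIX_LISTED:
        return "affected"
    if branch in FIXED:
        if patch is None:
            return "unknown"  # cannot compare without a patch level
        return "affected" if patch < FIXED[branch] else "fixed"
    return "not listed"  # branch is outside the ranges this page names

if __name__ == "__main__":
    # Constructed sample inventory, not taken from real hosts.
    samples = [
        "Version 4.7.5-Ubuntu",
        "Version 4.6.14",
        "Version 4.3.11+dfsg-0ubuntu0.16.04.12",
        "Version 4.8.0",
    ]
    for s in samples:
        print("%-40s %s" % (s, triage(s)))
```

Distribution packages may carry a backported fix without changing the upstream version number, so an "affected" result should be confirmed against the distribution's own advisory. The description above places the flaw in the Active Directory DC implementation, so hosts running in that role are the ones to check first.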

Impact

Privilege Escalation: Remote attackers can escalate their privileges on vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround.
https://www.samba.org/samba/security/CVE-2018-1057.html

CVE References

CVE-2018-1057