admins: get patching and/or updating. Unless you want to have your passwords overwritten by, well, anyone else using Samba.

That’s the gist of an advisory warning that “On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.”

“Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible,” the advisory adds.

The mess comes about because “… a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users’ passwords, including administrative users and privileged service accounts (eg Domain Controllers).”

“The LDAP server incorrectly validates certain LDAP password modifications against the ‘Change Password’ privilege, but then performs a password reset operation.”

There’s some good news in the form of a simple workaround, samba_CVE-2018-1057_helper --lock-pwchange, which turns off the mistakenly loose password-setting permissions. Once you’ve done that, download the patched Samba versions 4.7.6, 4.6.14 and 4.5.16 to fix recent releases. Older versions of the software may have patches here. ®
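A quick triage check for a fleet of domain controllers, as an added example that is not part of the original article or of the Samba project: it parses `smbd --version` style output and classifies each host against the fixed releases named above. It assumes the hosts are AD DCs (the affected role), that the version strings and inventory lines are in the constructed format shown, and it deliberately flags branches the article does not cover (4.0 to 4.4, and anything newer than 4.7) for a vendor-patch review rather than guessing.

```python
import re
from typing import Dict, Iterable, Tuple

# Fixed releases per stable branch, as listed in the article.
FIXED_RELEASES = {
    (4, 7): (4, 7, 6),
    (4, 6): (4, 6, 14),
    (4, 5): (4, 5, 16),
}
# The advisory says every Samba 4 AD DC from 4.0.0 onwards is affected.
FIRST_AFFECTED = (4, 0, 0)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(text: str) -> Tuple[int, ...]:
    """Extract major.minor.patch from output such as 'Version 4.7.4-Ubuntu'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def cve_2018_1057_status(version_text: str) -> str:
    """Classify an AD DC's Samba version against CVE-2018-1057."""
    v = parse_samba_version(version_text)
    if v < FIRST_AFFECTED:
        return "not_affected"          # predates the Samba 4 AD DC code
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is None:
        # Branch not named in the article: older branches may carry vendor
        # backports, newer ones are outside what the article states (assumption).
        return "review_vendor_patch"
    return "fixed" if v >= fixed else "vulnerable"


def triage_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Map constructed 'hostname <version output>' lines to a status each."""
    result = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        host, _, version_text = line.partition(" ")
        result[host] = cve_2018_1057_status(version_text)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "dc01 Version 4.7.4-Ubuntu",   # below 4.7.6 -> vulnerable
    "dc02 Version 4.6.14",         # fixed release
    "dc03 Version 4.4.16",         # branch not covered -> review
]
```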
