
Samba Settings SNAFU Lets Any User Change Admin Passwords

A vulnerability has been discovered in the Samba 4 Active Directory domain controller (AD DC) which allows authenticated users to change passwords for other accounts, including privileged and administrative accounts.

The Lightweight Directory Access Protocol (LDAP) server on a Samba 4 AD DC incorrectly validates some password modifications against the ‘Change Password’ privilege, but then carries out a password reset. The change does not produce any useful audit logs. If privileged accounts are compromised, an attacker can read or modify any data on the domain.

Affected Platforms

Samba 4 Active Directory domain controller all versions prior to 4.7.6 / 4.6.14 / 4.5.16

Resolution

There is a simple workaround, samba_CVE-2018-1057_helper --lock-pwchange, which turns off the mistakenly loose password-setting permissions. Once that is in place, visit samba.org/samba/security/ to download the patched Samba versions 4.7.6, 4.6.14 and 4.5.16 for recent releases. Older versions of the software may have patches here.
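The version list above is the first thing a defender will want to check across an AD DC fleet. The following is an added example, not code from the advisory or from the Samba project: it parses a version string (assumed here to look like the "Version 4.7.5" line that samba -V prints, possibly with a distribution suffix) and decides whether it falls below the fixed release for its branch. Treating series newer than 4.7 as fixed is an assumption; a distribution build that backported the patch without bumping its version is flagged as vulnerable here and must be confirmed against the vendor changelog.

```python
import re
from typing import Optional, Tuple

# First safe patch level per stable branch, taken from the advisory's fixed releases.
FIXED_PATCH_LEVEL = {(4, 5): 16, (4, 6): 14, (4, 7): 6}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a bare version string or from
    `samba -V` output, assumed here to look like 'Version 4.7.5' or
    'Version 4.7.5-Ubuntu'. Returns None when no x.y.z triple is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_vulnerable_to_cve_2018_1057(text: str) -> Optional[bool]:
    """True if the version is below the fixed release for its branch, False if
    at or above it, None if no version could be parsed. Only meaningful for a
    host actually running the AD DC role; a plain file server is not exposed."""
    v = parse_samba_version(text)
    if v is None:
        return None
    major, minor, patch = v
    branch = (major, minor)
    if major < 4:
        return False  # Samba 3 has no AD DC, so the affected LDAP path is absent
    if branch in FIXED_PATCH_LEVEL:
        return patch < FIXED_PATCH_LEVEL[branch]
    if branch < (4, 5):
        return True  # every release before the 4.5 branch is listed as affected
    return False  # assumption: series newer than 4.7 shipped with the fix


if __name__ == "__main__":
    # Constructed inventory: hostname -> captured `samba -V` output.
    inventory = {
        "dc1": "Version 4.7.5-Ubuntu",
        "dc2": "Version 4.6.14",
        "dc3": "Version 4.4.16",
        "nas1": "Version 3.6.25",
    }
    for host, output in inventory.items():
        status = is_vulnerable_to_cve_2018_1057(output)
        print(f"{host}: {'VULNERABLE' if status else 'ok' if status is False else 'unknown'}")
```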
Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
