Samba.Active.Directory.LDAP.Password.Reset
Description
This indicates an attack attempt to exploit a Privilege Escalation vulnerability in Samba server.
The vulnerability is due to an error in Samba Active Directory DC implementation when change the user password via LDAP. A remote attacker may be able to exploit this to rest the passwords of admin users on the affected system.
Affected Products
Samba Team Samba 4.0 to 4.4
Samba Team Samba 4.5 before 4.5.16
Samba Team Samba 4.6 before 4.6.14
Samba Team Samba 4.7 before 4.7.6
Impact
Privilege Escalation: Remote attackers can leverage their privilege on the vulnerable systems.
Recommended Actions
Refer to the vendor's website for the suggested workaround.
https://www.samba.org/samba/security/CVE-2018-1057.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |