cvelist/2018/1xxx/CVE-2018-1057.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "secalert@redhat.com",
      "DATE_PUBLIC" : "2018-03-13T00:00:00",
      "ID" : "CVE-2018-1057",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Samba",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "All versions of Samba from 4.0.0 onwards."
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Samba"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers)."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "CWE-863"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553553",
            "refsource" : "CONFIRM",
            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"
         },
         {
            "name" : "https://www.samba.org/samba/security/CVE-2018-1057.html",
            "refsource" : "CONFIRM",
            "url" : "https://www.samba.org/samba/security/CVE-2018-1057.html"
         },
         {
            "name" : "https://security.netapp.com/advisory/ntap-20180313-0001/",
            "refsource" : "CONFIRM",
            "url" : "https://security.netapp.com/advisory/ntap-20180313-0001/"
         },
         {
            "name" : "https://www.synology.com/support/security/Synology_SA_18_08",
            "refsource" : "CONFIRM",
            "url" : "https://www.synology.com/support/security/Synology_SA_18_08"
         },
         {
            "name" : "DSA-4135",
            "refsource" : "DEBIAN",
            "url" : "https://www.debian.org/security/2018/dsa-4135"
         },
         {
            "name" : "GLSA-201805-07",
            "refsource" : "GENTOO",
            "url" : "https://security.gentoo.org/glsa/201805-07"
         },
         {
            "name" : "USN-3595-1",
            "refsource" : "UBUNTU",
            "url" : "https://usn.ubuntu.com/3595-1/"
         },
         {
            "name" : "103382",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/103382"
         },
         {
            "name" : "1040494",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1040494"
         }
      ]
   }
}
- Synchronized data. 2017-12-04 03:02:28 -05:00			`{`
			`"CVE_data_meta" : {`
- Added submissions from Red Hat from 2018-03-13. 2018-03-13 11:37:36 -04:00			`"ASSIGNER" : "secalert@redhat.com",`
			`"DATE_PUBLIC" : "2018-03-13T00:00:00",`
- Synchronized data. 2017-12-04 03:02:28 -05:00			`"ID" : "CVE-2018-1057",`
- Added submissions from Red Hat from 2018-03-13. 2018-03-13 11:37:36 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Samba",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "All versions of Samba from 4.0.0 onwards."`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Samba"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-04 03:02:28 -05:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submissions from Red Hat from 2018-03-13. 2018-03-13 11:37:36 -04:00			`"value" : "On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers)."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "CWE-863"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553553",`
			`"refsource" : "CONFIRM",`
- Added submissions from Red Hat from 2018-03-13. 2018-03-13 11:37:36 -04:00			`"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1553553"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.samba.org/samba/security/CVE-2018-1057.html",`
			`"refsource" : "CONFIRM",`
- Added submissions from Red Hat from 2018-03-13. 2018-03-13 11:37:36 -04:00			`"url" : "https://www.samba.org/samba/security/CVE-2018-1057.html"`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://security.netapp.com/advisory/ntap-20180313-0001/",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`"url" : "https://security.netapp.com/advisory/ntap-20180313-0001/"`
			`},`
- Synchronized data. 2018-03-15 06:05:11 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://www.synology.com/support/security/Synology_SA_18_08",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-03-15 06:05:11 -04:00			`"url" : "https://www.synology.com/support/security/Synology_SA_18_08"`
			`},`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-4135",`
			`"refsource" : "DEBIAN",`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`"url" : "https://www.debian.org/security/2018/dsa-4135"`
			`},`
- Synchronized data. 2018-10-21 06:04:20 -04:00			`{`
			`"name" : "GLSA-201805-07",`
			`"refsource" : "GENTOO",`
			`"url" : "https://security.gentoo.org/glsa/201805-07"`
			`},`
- Synchronized data. 2018-03-15 06:05:11 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "USN-3595-1",`
			`"refsource" : "UBUNTU",`
- Synchronized data. 2018-03-15 06:05:11 -04:00			`"url" : "https://usn.ubuntu.com/3595-1/"`
			`},`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "103382",`
			`"refsource" : "BID",`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`"url" : "http://www.securityfocus.com/bid/103382"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "1040494",`
			`"refsource" : "SECTRACK",`
- Synchronized data. 2018-03-14 06:02:33 -04:00			`"url" : "http://www.securitytracker.com/id/1040494"`
- Synchronized data. 2017-12-04 03:02:28 -05:00			`}`
			`]`
			`}`
			`}`