Samba Vulnerabilities

This security vulnerability affects Ubuntu 17.10, 16.04, and 14.04 releases. Samba is the file, print, and login server for Unix and Unix like systems.

On March 13, 2018 this vulnerability was disclosed by Canonical on their security website. The person that discovered this vulnerability was Bjorn Baumbach.

He discovered that Samba would incorrectly validate permissions when changing account passwords via LDAP. This would allow an attacker to be able to change the passwords of other users.

Canonical has issued an update to fix the vulnerablity through the OTA channels. I have checked today to see if the updates was available, and they do show up as security updates.

References

CVE-2018-1050

CVE-2018-1057

Canonical Ltd. (2018, March 13). USN-3595-1: Samba vulnerabilities.         Retrieved March 14, 2018, from https://usn.ubuntu.com/3595-1/

Advertisements