
[Overview]

LDAP is an Internet standard protocol designed for directory services. Active Directory is the directory service used by Microsoft systems on Windows domain networks, which contain domain controllers that run various services. Newer versions of Samba include an LDAP server and can run as an Active Directory domain controller. Samba recently fixed a privilege escalation vulnerability in this role.

[Vulnerability Details]

CVE-2018-1057: A privilege escalation vulnerability exists when Samba is configured as an Active Directory domain controller. Authenticated users can use LDAP to change the passwords of arbitrary user and computer accounts, such as admin users and privileged service accounts, without needing the old passwords.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057

[Severity]

Critical

[Affected Version]

  • Samba Team Samba 4.0.0 through 4.4.x
  • Samba Team Samba 4.5.x prior to 4.5.16
  • Samba Team Samba 4.6.x prior to 4.6.14
  • Samba Team Samba 4.7.x prior to 4.7.6
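
A version-and-role check for the condition described above, as an added example that is not part of the original advisory or of Samba's own tooling: it classifies a Samba version string against the affected ranges listed here and reads the `server role` setting from smb.conf text. The function names, the sample smb.conf and the set of role values treated as AD DC are assumptions of this example.

```python
import re

# Fixed release per affected branch, from the affected-version list above.
FIXED_PATCH = {5: 16, 6: 14, 7: 6}
# Assumption: smb.conf "server role" values that select the AD DC role.
AD_DC_ROLES = {"active directory domain controller", "domain controller", "dc"}

def version_status(version_text):
    """Classify an upstream version string such as 'Version 4.7.5-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    major, minor, patch = map(int, m.groups())
    if major != 4:
        return "not-listed"
    if minor <= 4:
        return "affected"            # 4.0.0 through 4.4.x
    if minor in FIXED_PATCH:
        return "affected" if patch < FIXED_PATCH[minor] else "fixed"
    return "not-listed"              # branch the advisory does not mention

def is_ad_dc(smb_conf_text):
    """True if [global] sets 'server role' to an AD DC value."""
    section, role = None, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                 # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf parameter names ignore case and internal spacing
            if "".join(key.lower().split()) == "serverrole":
                role = " ".join(value.lower().split())
    return role in AD_DC_ROLES

def exposed(version_text, smb_conf_text):
    """Affected version AND AD DC role: the condition the advisory gives."""
    return version_status(version_text) == "affected" and is_ad_dc(smb_conf_text)

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
"""

if __name__ == "__main__":
    for v in ("Version 4.7.5-Ubuntu", "Version 4.7.6", "Version 4.3.11"):
        print(v, version_status(v), exposed(v, SAMPLE_CONF))
```

Distribution packages can carry the fix under an older upstream version number, so confirm an "affected" result against the package vendor's own advisory.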

[Suggestions]

  • Only allow trusted users to bind to servers.
  • Upgrade Samba to the latest fixed releases: 4.5.16, 4.6.14, 4.7.6.

Official statement: https://wiki.samba.org/index.php/CVE-2018-1057


Fix version: https://www.samba.org/samba/history/security.html

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.233. By deploying any Hillstone Networks solution with the IPS function, the Samba LDAP AD DC Privilege Escalation vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.

Figure: Threat Events Detected by Hillstone Solutions

Figure: Vulnerability Detail Description
