NAS Posted March 13, 2018 Share Posted March 13, 2018 CVE-2018-1057: Unprivileged user can change any user (and admin) password Caveats and further info here https://wiki.samba.org/index.php/CVE-2018-1057 3 Quote Link to comment
BRiT Posted March 13, 2018 Share Posted March 13, 2018 Do you think there will be security release on the "Stable" branch 6.4.x? Or will only the "really chaos" branch 6.5.x see the fix? Quote Link to comment
pwm Posted March 13, 2018 Share Posted March 13, 2018 Note that the issue is when Samba is used as AD domain controller. So most users aren't affected. 1 Quote Link to comment
itimpi Posted March 14, 2018 Share Posted March 14, 2018 I suspect it affects almost nobody? Even when we hear about unRAID being used in an AD context it is normally about unRAID joining an AD domain (i.e. unRAID is not the AD controller). Quote Link to comment
huffsper Posted March 15, 2018 Share Posted March 15, 2018 Fixed in 6.5.0 I'm pretty sure. From the release notes: samba: version 4.7.6 (CVE-2018-1050, CVE-2018-1057) Quote Link to comment
limetech Posted March 16, 2018 Share Posted March 16, 2018 This does not apply to unRAID and now that 6.5.0 is out, 6.4.x is EOS. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.