MGASA-2018-0201

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2018-1050 CVE-2018-1057

Published: 13 Apr 2018, 20:08

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Apr 2018, 20:08

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated samba packages fix security vulnerabilities It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon (CVE-2018-1050). Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users (CVE-2018-1057). Note that Mageia 5 was only affected by the CVE-2018-1050 issue.

Affected Systems

mageia•samba
< 3.6.25-2.9.mga5
mageia•samba
< 4.6.12-1.1.mga6

MGASA-2018-0201

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)