[Samba] Error running CVE-2018-1057_helper on 4.5

Brian Candler b.candler at pobox.com
Wed Mar 14 08:35:53 UTC 2018

I tried to run this script on a system running 4.5.15 built from source 
under Ubuntu 16.04, but I get the following exception:

# PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/" 
./samba_CVE-2018-1057_helper --lock-pwchange
Temporarily overriding 'dsdb:schema update allowed' setting
Traceback (most recent call last):
   File "./samba_CVE-2018-1057_helper", line 139, in <module>
     sd_helper.modify_sd_on_dn(msg.dn, new_desc)
"/usr/local/samba/lib/python2.7/site-packages/samba/sd_utils.py", line 
40, in modify_sd_on_dn
     m.dn = Dn(self.ldb, object_dn)
TypeError: argument 2 must be string, not ldb.Dn
A transaction is still active in ldb context [0x2337ea0] on 

I tried doing "kinit Administrator" and then repeating, but that didn't 
change the error.

I see samba 4.8.0 was released yesterday, which means 4.5.x technically 
dropped out of support yesterday too: 

However, I also note that a security patch was released for 4.5.15:


Obviously I will have to proceed with the underlying patching and/or 
upgrading of Samba.  But if anyone can help me get the short-term fix 
working for 4.5, that would be a useful stop-gap.



More information about the samba mailing list