Discover Server Security News
Samba settings SNAFU lets any user change admin passwords
Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.
That’s the gist of an advisory warning that “On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts.”