CVE-2018-14628
Published: 17 January 2023
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Notes
Author | Note |
---|---|
 | Priority reason: minor information leak |
mdeslaur | This issue was fixed in Samba 4.18.9 and 4.19.3, but has not yet been fixed in 4.17.x |
Priority
Status
Package | Release | Status |
---|---|---|
samba | bionic | Needed |
samba | focal | Needed |
samba | jammy | Needed |
samba | kinetic | Ignored (end of life, was deferred) |
samba | lunar | Ignored (end of life, was needed) |
samba | mantic | Needed |
samba | noble | Pending (2:4.19.4+dfsg-2ubuntu1) |
samba | trusty | Needed |
samba | upstream | Released (4.18.9,4.19.3) |
samba | xenial | Needed |

Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=3be190dcf7153e479383f7f3d29ddca43fe121b8
upstream: https://git.samba.org/?p=samba.git;a=commit;h=0c329a0fda37d87ed737e4b579b6d04ec907604c
upstream: https://git.samba.org/?p=samba.git;a=commit;h=7f8b15faa76d05023c987fac2c4c31f9ac61bb47
upstream: https://git.samba.org/?p=samba.git;a=commit;h=498542be0bbf4f26558573c1f87b77b8e3509371
upstream: https://git.samba.org/?p=samba.git;a=commit;h=70586061128f90afa33f25e104d4570a1cf778db
upstream: https://git.samba.org/?p=samba.git;a=commit;h=97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |