CVE-2018-14628
Published: 17 January 2023
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Notes
Author | Note |
---|---|
 | Priority reason: minor information leak |
mdeslaur | This issue was fixed in Samba 4.18.9 and 4.19.3, but has not yet been fixed in 4.17.x |
Priority
Status
Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | kinetic | Ignored (end of life, was deferred) |
samba | lunar | Ignored (end of life, was needed) |
samba | mantic | Needed |
samba | bionic | Needed |
samba | focal | Needed |
samba | jammy | Needed |
samba | trusty | Needed |
samba | xenial | Needed |
samba | upstream | Released (4.18.9, 4.19.3) |
Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=3be190dcf7153e479383f7f3d29ddca43fe121b8 (master)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=0c329a0fda37d87ed737e4b579b6d04ec907604c (master)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=7f8b15faa76d05023c987fac2c4c31f9ac61bb47 (master)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=498542be0bbf4f26558573c1f87b77b8e3509371 (master)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=70586061128f90afa33f25e104d4570a1cf778db (master)
upstream: https://git.samba.org/?p=samba.git;a=commit;h=97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566 (master)
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |