CVE-2018-10919
EUVD-2018-297322.08.2018, 17:29
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| samba | samba | 4.0.0 ≤ 𝑥 < 4.6.16 |
| samba | samba | 4.7.0 ≤ 𝑥 < 4.7.9 |
| samba | samba | 4.8.0 ≤ 𝑥 < 4.8.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
References