CVE-2018-14628

EUVD-2018-6534
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
sambasamba
4.0.0 ≤
𝑥
< 4.18.9
sambasamba
4.19.0 ≤
𝑥
< 4.19.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
postponed
bookworm (security)
vulnerable
bullseye
ignored
bullseye (security)
vulnerable
buster
ignored
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
needed
focal
needed
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
Fixed 2:4.19.4+dfsg-3ubuntu1
released
trusty
needed
xenial
needed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/28/4
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
http://www.openwall.com/lists/oss-security/2023/11/28/4
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://security.netapp.com/advisory/ntap-20230223-0008/