CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
sambasamba
4.0.0 ≤
𝑥
< 4.18.9
sambasamba
4.19.0 ≤
𝑥
< 4.19.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
vulnerable
bullseye
ignored
bookworm
postponed
buster
ignored
bookworm (security)
vulnerable
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
noble
Fixed 2:4.19.4+dfsg-3ubuntu1
released
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needed
focal
needed
bionic
needed
xenial
needed
trusty
needed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/28/4
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
http://www.openwall.com/lists/oss-security/2023/11/28/4
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://security.netapp.com/advisory/ntap-20230223-0008/