CVE-2018-14628: Missing Authorization in Samba

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.5% (top 33.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 17

Description

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

NVD | samba/samba | 4.0.0 | 4.18.9 | +1
debian | debian/samba | < samba 2:4.17.12+dfsg-0+deb12u3 (bookworm)
Debian | samba/samba | < 2:4.17.12+dfsg-0+deb12u3 | +2
CVEListV5 | samba/samba | All versions from 4.0.0 onwards

Also affects: Fedora 37

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2018-14628: An information leak vulnerability was discovered in Samba's LDAP server (2023-01-17)
GHSA: GHSA-88v2-p2r7-rvpx: An information leak vulnerability was discovered in Samba's LDAP server (2023-01-17)

📋 Vendor Advisories (3)

Microsoft: An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attribu (2023-01-10)
Red Hat: samba: Unprivileged read of deleted object tombstones in AD LDAP server (2022-04-13)
Debian: CVE-2018-14628: samba - An information leak vulnerability was discovered in Samba's LDAP server. Due to ... (2018)

💬 Community (1)

Bugzilla: CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server (2018-09-05)