CVE-2018-14628

Name: CVE-2018-14628
Description: An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| MISC | https://bugzilla.samba.org/show_bug.cgi?id=13595 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=1625445 |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2023/11/28/4 |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/ |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | samba | >= 4.0.0 | <= None |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| samba | 3.15-main | 4.15.13-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| samba | 3.14-main | 4.14.14-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| samba | 3.17-main | 4.16.11-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| samba | 3.16-main | 4.15.13-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| samba | 3.18-main | 4.18.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| samba | 3.19-main | 4.18.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| samba | 3.20-main | 4.19.6-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| samba | edge-main | 4.20.2-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |