CVE-2018-10919
Publication date 14 August 2018
Last updated 25 August 2025
Ubuntu priority
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| samba | 18.04 LTS bionic |
Fixed 2:4.7.6+dfsg~ubuntu-0ubuntu2.2
|
| 16.04 LTS xenial |
Fixed 2:4.3.11+dfsg-0ubuntu0.16.04.15
|
|
| 14.04 LTS trusty |
Fixed 2:4.3.11+dfsg-0ubuntu0.14.04.16
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3738-1
- Samba vulnerabilities
- 14 August 2018