CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Read the notes from the security team

Why is this CVE low priority?

minor information leak

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	24.04 LTS noble	Fixed 2:4.19.4+dfsg-3ubuntu1
	23.10 mantic	Ignored
	23.04 lunar	Ignored
	22.10 kinetic	Ignored
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Vulnerable
	14.04 LTS trusty	Vulnerable

Notes

mdeslaur

This issue was fixed in Samba 4.18.9 and 4.19.3, but has not yet been fixed in 4.17.x

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: https://git.samba.org/?p=samba.git;a=commit;h=3be190dcf7153e479383f7f3d29ddca43fe121b8 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=0c329a0fda37d87ed737e4b579b6d04ec907604c Upstream: https://git.samba.org/?p=samba.git;a=commit;h=7f8b15faa76d05023c987fac2c4c31f9ac61bb47 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=498542be0bbf4f26558573c1f87b77b8e3509371 Upstream: https://git.samba.org/?p=samba.git;a=commit;h=70586061128f90afa33f25e104d4570a1cf778db Upstream: https://git.samba.org/?p=samba.git;a=commit;h=97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566

Package

Patch details

samba

Severity score breakdown

Parameter	Value
Base score	4.3 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2018-14628

Cvss 3 Severity Score

Why is this CVE low priority?

Status

Notes

mdeslaur

Patch details

Severity score breakdown

References

Other references