CVE-2018-14628

Published: 17 January 2023

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Notes

Author: Note
Priority reason: minor information leak
mdeslaur: This issue was fixed in Samba 4.18.9 and 4.19.3, but has not yet been fixed in 4.17.x

Priority

Low

CVSS 3 Severity Score

4.3

Status

Package: samba (Launchpad, Ubuntu, Debian)

Release Status
bionic Needed
focal Needed
jammy Needed
kinetic Ignored (end of life, was deferred)
lunar Ignored (end of life, was needed)
mantic Ignored (end of life, was needed)
noble Released (2:4.19.4+dfsg-3ubuntu1)
trusty Needed
upstream Released (4.18.9,4.19.3)
xenial Needed

Patches:
upstream: https://git.samba.org/?p=samba.git;a=commit;h=3be190dcf7153e479383f7f3d29ddca43fe121b8
upstream: https://git.samba.org/?p=samba.git;a=commit;h=0c329a0fda37d87ed737e4b579b6d04ec907604c
upstream: https://git.samba.org/?p=samba.git;a=commit;h=7f8b15faa76d05023c987fac2c4c31f9ac61bb47
upstream: https://git.samba.org/?p=samba.git;a=commit;h=498542be0bbf4f26558573c1f87b77b8e3509371
upstream: https://git.samba.org/?p=samba.git;a=commit;h=70586061128f90afa33f25e104d4570a1cf778db
upstream: https://git.samba.org/?p=samba.git;a=commit;h=97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566

Severity score breakdown

Parameter Value
Base score 4.3
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N