Information Leak in Samba's LDAP Server Discovered by Vendor
CVE-2018-14628

4.3MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 17 January 2023

What is CVE-2018-14628?

An information leak vulnerability exists in Samba's LDAP server due to inadequate access control checks. This allows an authenticated, but unprivileged attacker, to gain visibility into names and preserved attributes of objects that have been deleted from the LDAP store. The exposure of such sensitive information could potentially be exploited to understand the structure of the directory and the data lifecycle within the environment, leading to further security concerns.

Affected Version(s)

Samba All versions from 4.0.0 onwards

References

https://bugzilla.samba.org/show_bug.cgi?id=13595

https://bugzilla.redhat.com/show_bug.cgi?id=1625445

http://www.openwall.com/lists/oss-security/2023/11/28/4

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2023
Vulnerability Reserved
Jul 27, 2018