CVE-2018-14628

MEDIUM

Samba - Info Disclosure

Title source: llm

Description

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

References (6)

[Mailing List] http://www.openwall.com/lists/oss-security/2023/11/28/4

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1625445

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://bugzilla.samba.org/show_bug.cgi?id=13595

[Patch, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/

[Patch, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20230223-0008/

Scores

CVSS v3 4.3

EPSS 0.0050

EPSS Percentile 65.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-862

Status published

Affected Products (2)

samba/samba < 4.18.9

fedoraproject/fedora

Timeline

Published Jan 17, 2023

Tracked Since Feb 18, 2026