CVE-2018-14628
MEDIUM
Samba 4.0.0-4.18.8 - Authenticated Information Disclosure in LDAP Server
Title source: llm
Description
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
References (6)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
Exploit, Issue Tracking, Patch, Vendor Advisory
https://bugzilla.samba.org/show_bug.cgi?id=13595
Patch, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
Patch, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230223-0008/
Scores
CVSS v3
4.3
EPSS
0.0053
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (2)
fedoraproject/fedora
37
samba/samba
4.0.0 - 4.18.9
Published
Jan 17, 2023
Tracked Since
Feb 18, 2026