Vulnerability CVE-2018-14628: Information

Description

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-14628
Published: Jan. 17, 2023
Modified: Dec. 4, 2023
Error type identifier: CWE-862

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sambasisyphus4.19.3-alt14.20.1-alt2ALT-PU-2023-7788-2335768Fixed
sambasisyphus_e2k4.19.3-alt14.20.1-alt1ALT-PU-2023-7906-1-Fixed
sambasisyphus_riscv644.19.3-alt14.20.1-alt2ALT-PU-2023-7965-1-Fixed
sambasisyphus_loongarch644.19.3-alt14.20.1-alt2ALT-PU-2023-7916-1-Fixed
sambap104.17.12-alt34.19.6-alt2ALT-PU-2023-7794-2332201Fixed
sambap10_e2k4.17.12-alt34.19.6-alt2ALT-PU-2023-7914-1-Fixed
sambap114.19.3-alt14.20.1-alt1ALT-PU-2023-7788-2335768Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.samba.org/show_bug.cgi?id=13595
  • Exploit
  • Issue Tracking
  • Patch
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/28/4
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/

          1. Configuration 1

            cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
            Start including
            4.0.0

            Configuration 2

            cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top