An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/11/28/4 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1625445 | Exploit Issue Tracking Patch Third Party Advisory |
https://bugzilla.samba.org/show_bug.cgi?id=13595 | Exploit Issue Tracking Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/ | |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/ |
Configurations
History
04 Dec 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Dec 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2023, 20:03
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.samba.org/show_bug.cgi?id=13595 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1625445 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
|
First Time |
Samba samba
Samba Fedoraproject Fedoraproject fedora |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
17 Jan 2023, 18:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-17 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2018-14628
Mitre link : CVE-2018-14628
CVE.ORG link : CVE-2018-14628
JSON object : View
Products Affected
fedoraproject
- fedora
samba
- samba
CWE
CWE-862
Missing Authorization