CVE-2018-10919
4.3
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Samba Team | samba | 4.6.16 | affected |
| The Samba Team | samba | 4.7.9 | affected |
| The Samba Team | samba | 4.8.4 | affected |
Weaknesses
- CWE-203: CWE-203
ADP Enrichment
CVE Program Container
Additional References
- https://www.debian.org/security/2018/dsa-4271
- https://usn.ubuntu.com/3738-1/
- https://www.samba.org/samba/security/CVE-2018-10919.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
- https://security.netapp.com/advisory/ntap-20180814-0001/
- http://www.securityfocus.com/bid/105081
- https://security.gentoo.org/glsa/202003-52
References
- https://www.debian.org/security/2018/dsa-4271
- https://usn.ubuntu.com/3738-1/
- https://www.samba.org/samba/security/CVE-2018-10919.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
- https://security.netapp.com/advisory/ntap-20180814-0001/
- http://www.securityfocus.com/bid/105081
- https://security.gentoo.org/glsa/202003-52
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.