#VU14335 Information disclosure in Samba


Published: 2018-08-14

Vulnerability identifier: #VU14335

Vulnerability risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10919

CWE-ID: CWE-284

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing access control checks when displaying values of confidential attributes. A remote authenticated attacker can use LDAP search expressions to obtain the values of confidential attributes. This applies both to attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit is set and to attributes where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.
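To scope exposure, a defender can list which schema attributes carry the SEARCH_FLAG_CONFIDENTIAL (0x80) bit described above. The following is an added example, not code from this advisory or from Samba; it parses an LDIF export of attributeSchema entries, and the sample entries, attribute names and DNs are constructed.

```python
SEARCH_FLAG_CONFIDENTIAL = 0x80  # searchFlags bit named in the advisory text

# Constructed sample (hypothetical attribute names and values), shaped like an
# LDIF export of attributeSchema objects from the schema partition.
SAMPLE_LDIF = """\
dn: CN=example-Recovery-Key,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleRecoveryKey
searchFlags: 664

dn: CN=example-Display-Label,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleDisplayLabel
searchFlags: 1

dn: CN=example-Local-Admin-Secret,CN=Schema,CN=Configuration,
 DC=example,DC=com
lDAPDisplayName: exampleLocalAdminSecret
searchFlags: 904

dn: CN=example-No-Flags,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleNoFlags
"""

def parse_ldif(text):
    """Yield one dict per LDIF record, unfolding continuation lines."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # folded line: drop the leading space
        else:
            unfolded.append(line)
    record = {}
    for line in unfolded + [""]:          # trailing "" flushes the last record
        if not line.strip():
            if record:
                yield record
            record = {}
        elif not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()

def confidential_attributes(ldif_text):
    """Return sorted lDAPDisplayName values whose searchFlags has bit 0x80 set."""
    names = []
    for rec in parse_ldif(ldif_text):
        flags = int(rec.get("searchFlags", "0"), 0)   # absent means no flags
        if flags & SEARCH_FLAG_CONFIDENTIAL and "lDAPDisplayName" in rec:
            names.append(rec["lDAPDisplayName"])
    return sorted(names)
```

Attributes protected only by an explicit Access Control Entry on the ntSecurityDescriptor are not found by this schema check and need a separate ACL review.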

Mitigation
Update to version 4.6.16, 4.7.9 or 4.8.4.

Vulnerable software versions

Samba: 4.8.0 - 4.8.3, 4.7.0 - 4.7.8, 4.6.0 - 4.6.15, 4.5.0 - 4.5.16, 4.4.0 - 4.4.16, 4.3.0 - 4.3.13, 4.2.0 - 4.2.14, 4.1.0 - 4.1.23, 4.0.0 - 4.0.26


External links
http://www.samba.org/samba/security/CVE-2018-10919.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

