CVE-2018-14628

CVE	CVE-2018-14628
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-01-17 18:15:00 UTC
Updated	2023-12-04 03:15:00 UTC
Description	An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Problem Types: CWE-862

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Samba	Samba	All	All	All	All

Reference	Source	Link	Tags
13595 – [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users	MISC	bugzilla.samba.org
www.openwall.com/lists/oss-security/2023/11/28/4		www.openwall.com
1625445 – (CVE-2018-14628) CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server	MISC	bugzilla.redhat.com
lists.fedoraproject.org/archives/list/[email protected]/messag...		lists.fedoraproject.org
lists.fedoraproject.org/archives/list/[email protected]/messag...		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

284787 Fedora Security Update for samba (FEDORA-2023-9adeb354af)
285119 Fedora Security Update for samba (FEDORA-2023-4e69bf4c59)
355410 Amazon Linux Security Advisory for samba : ALAS2023-2023-190
355418 Amazon Linux Security Advisory for samba : ALAS2023-2023-206
674141 EulerOS Security Update for samba (EulerOS-SA-2024-1496)
674142 EulerOS Security Update for samba (EulerOS-SA-2024-1517)
710873 Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202402-28)
905302 Common Base Linux Mariner (CBL-Mariner) Security Update for samba (13064)