CVE-2018-10919

CVSS 4.3 MEDIUM · EPSS 2.2% · CWE-203
In short

Samba's Active Directory LDAP server had a flaw that allowed authenticated attackers to read confidential information they should not have been able to access, because certain access control checks were missing. This could expose sensitive data stored in the directory.

Technical detail

Samba's AD LDAP server has an information disclosure vulnerability caused by insufficient access control validation on attribute retrieval. An authenticated attacker can craft LDAP search queries to extract confidential attribute values that should be restricted. Versions prior to 4.6.16, 4.7.9, and 4.8.4 are affected.

Summary generated and translated by AI from the official description.
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
The Samba Team · samba
