PT-2018-3370 · Samba Team+4 · Samba+3

Published

2018-08-14

Updated

2025-02-13

CVE-2018-10919

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.6.16 Samba versions prior to 4.7.9 Samba versions prior to 4.8.4

Description: The Samba Active Directory LDAP server has an information disclosure flaw due to missing access control checks. An authenticated attacker can exploit this issue to extract confidential attribute values using LDAP search expressions.

Recommendations: For versions prior to 4.6.16, update to version 4.6.16 or later. For versions prior to 4.7.9, update to version 4.7.9 or later. For versions prior to 4.8.4, update to version 4.8.4 or later.

Exploit

Fix

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203

Related Identifiers

ALT-PU-2018-2167

ALT-PU-2018-2168

ALT-PU-2018-2488

ALT-PU-2018-2489

ALT-PU-2023-1618

ALT-PU-2023-1808

ALT-PU-2023-7794

ALT-PU-2024-12484

ALT-PU-2024-14683

BDU:2020-00692

CVE-2018-10919

DLA-1539-1

DSA-4271-1

ECHO-9966-DA92-510A

MGASA-2018-0424

OPENSUSE-SU-2018_2400-1

OPENSUSE-SU-2018_3211-1

OPENSUSE-SU-2024:11365-1

SUSE-SU-2018:2318-1

SUSE-SU-2018:3161-1

SUSE-SU-2018_3161-1

USN-3738-1

Affected Products

Alt Linux

Samba

Suse

Ubuntu

PT-2018-3370 · Samba Team+4 · Samba+3

CVE-2018-10919

Weakness Enumeration

Related Identifiers

Affected Products

References · 124