CVE-2018-10919

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Published: Aug 22, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-10919
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	18.04	18.04.x
debian / debian_linux	9.0	9.0.x
samba / samba	4.8.0	4.8.4
samba / samba	4.7.0	4.7.9
samba / samba	4.0.0	4.6.16

http://www.securityfocus.com/bid/105081
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20180814-0001/
https://usn.ubuntu.com/3738-1/
https://www.debian.org/security/2018/dsa-4271
https://www.samba.org/samba/security/CVE-2018-10919.html

Vulnerability Database

289,697

CVE-2018-10919