
Test ID: 1.3.6.1.4.1.25623.1.0.104503
Category: General
Title: Samba Information Leak Vulnerability (CVE-2018-14628)
Summary: Samba is prone to an information leak vulnerability.
Description:
Summary:
Samba is prone to an information leak vulnerability.

Vulnerability Insight:
Samba is vulnerable to an information leak (compared with the
established behaviour of Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.

Missing access control checks on the LDAP_SERVER_SHOW_DELETED_OID control in the DSDB database
layer cause the LDAP server to disclose, to authenticated but not privileged users, the names and
preserved attributes of deleted objects. (Microsoft AD simply does not return these objects on a
search).

No information that was hidden before the deletion becomes visible, but in Microsoft Active Directory
the whole deleted object is also invisible without administrative rights, whereas Samba allows the
limited set of attributes that are preserved after deletion to be read.

There is no further vulnerability associated with this error, merely an information disclosure.

Affected Software/OS:
Samba versions from 4.0.0 onwards.

Solution:
Update to version 4.18.9, 4.19.3 or later.
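As an added example (not part of this test record or of the vendor's own test script), a Python version check that applies the affected and fixed versions stated above to a reported Samba version string; the version boundaries come from this record, while the function names and the sample banners are my own. A matching version only shows the build lacks the fix; the leak itself applies when Samba runs as an Active Directory Domain Controller, so the server role still has to be confirmed.

```python
import re
from typing import Tuple

# Boundaries taken from the advisory text: affected from 4.0.0 onwards,
# fixed in 4.18.9 and 4.19.3 and in every later release.
FIRST_AFFECTED = (4, 0, 0)
FIXED_IN = {(4, 18): 9, (4, 19): 3}   # branch -> first patch level with the fix
FIRST_FIXED_BRANCH = (4, 18)          # branches older than 4.18 never received a fix


def parse_version(banner: str) -> Tuple[int, int, int]:
    """Extract major.minor.patch from a Samba version string such as
    'Samba 4.18.8-Debian' (a constructed sample) or '4.19.3'.
    Raises ValueError when no dotted version number is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version number in {banner!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(banner: str) -> bool:
    """True when the reported build predates the CVE-2018-14628 fix.

    This is a pure version comparison: it cannot tell whether the host is an
    AD DC, which is the only role in which the deleted-object leak applies.
    """
    major, minor, patch = parse_version(banner)
    if (major, minor, patch) < FIRST_AFFECTED:
        return False                      # pre-4.0 Samba cannot act as an AD DC
    branch = (major, minor)
    if branch in FIXED_IN:
        return patch < FIXED_IN[branch]   # e.g. 4.18.8 affected, 4.18.9 fixed
    # Branches newer than 4.19 ship with the fix; older supported-at-the-time
    # branches (4.17 and earlier) only ever had vulnerable releases.
    return branch < FIRST_FIXED_BRANCH


if __name__ == "__main__":
    for sample in ("Samba 4.18.8-Debian", "4.18.9", "4.19.2", "4.20.0", "4.17.12"):
        print(sample, "-> affected" if is_affected(sample) else "-> not affected")
```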

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-14628
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
http://www.openwall.com/lists/oss-security/2023/11/28/4
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.