Vulnerability CVE-2018-10919


Published: 2018-08-22

Description:
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Samba -> Samba 
Debian -> Debian linux 
Canonical -> Ubuntu linux 

References:
http://www.securityfocus.com/bid/105081
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
https://security.netapp.com/advisory/ntap-20180814-0001/
https://usn.ubuntu.com/3738-1/
https://www.debian.org/security/2018/dsa-4271
https://www.samba.org/samba/security/CVE-2018-10919.html

Copyright 2024, cxsecurity.com
