CVE-2018-10919: Infoleak
First published: Tue Aug 14 2018(Updated: )
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/samba | <2:4.7.6+dfsg~ubuntu-0ubuntu2.2 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 |
| ubuntu/samba | <2:4.3.11+dfsg-0ubuntu0.14.04.16 | 2:4.3.11+dfsg-0ubuntu0.14.04.16 |
| ubuntu/samba | <4.6.16<4.7.9<4.8.4 | 4.6.16 4.7.9 4.8.4 |
| ubuntu/samba | <2:4.3.11+dfsg-0ubuntu0.16.04.15 | 2:4.3.11+dfsg-0ubuntu0.16.04.15 |
| debian/samba | 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.21.0~rc1+really4.20.4+dfsg-1 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Debian Debian Linux | =9.0 | |
| Samba | >=4.0.0<4.6.16 | |
| Samba | >=4.7.0<4.7.9 | |
| Samba | >=4.8.0<4.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/105081
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
- https://security.gentoo.org/glsa/202003-52
- https://security.netapp.com/advisory/ntap-20180814-0001/
- https://usn.ubuntu.com/3738-1/
- https://www.debian.org/security/2018/dsa-4271
- https://www.samba.org/samba/security/CVE-2018-10919.html
- https://launchpad.net/bugs/cve/CVE-2018-10919
- https://security-tracker.debian.org/tracker/CVE-2018-10919
- https://ubuntu.com/security/notices/USN-3738-1
- https://www.cve.org/CVERecord?id=CVE-2018-10919
- https://nvd.nist.gov/vuln/detail/CVE-2018-10919
- https://ubuntu.com/security/CVE-2018-10919
Frequently Asked Questions
What is CVE-2018-10919?
CVE-2018-10919 is a vulnerability in the Samba Active Directory LDAP server that allows an authenticated attacker to extract confidential attribute values using LDAP search expressions.
What is the severity of CVE-2018-10919?
CVE-2018-10919 has a severity rating of 6.5 (medium).
Which software versions are affected by CVE-2018-10919?
Samba versions before 4.6.16, 4.7.9, and 4.8.4 are vulnerable to CVE-2018-10919.
How can I fix CVE-2018-10919?
To fix CVE-2018-10919, update Samba to version 4.6.16, 4.7.9, or 4.8.4.
Where can I find more information about CVE-2018-10919?
You can find more information about CVE-2018-10919 on the Samba official website, the Debian security tracker, and the SecurityFocus website.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/samba
- canonical/samba
- version/samba/4.0.0
- version/samba/4.7.0
- version/samba/4.8.0