CVE-2018-10919

Sažetak

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Reference

http://www.securityfocus.com/bid/105081
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20180814-0001/
https://usn.ubuntu.com/3738-1/
https://www.debian.org/security/2018/dsa-4271
https://www.samba.org/samba/security/CVE-2018-10919.html

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:33

Objavljeno

22-08-2018 - 17:29