CVE-2018-10919
Gentoo Linux Security Advisory 202003-52
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
El servidor Samba Active Directory LDAP era vulnerable a una divulgación de información debido a la ausencia de comprobaciones de control de acceso. Un atacante autenticado podría utilizar este fallo para extraer valores de atributo confidenciales utilizando expresiones de búsqueda LDAP. Las versiones 4.6.16, 4.7.9 y 4.8.4 de samba son vulnerables.
Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-08-14 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-203: Observable Discrepancy
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105081 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919 | Issue Tracking | |
| https://security.netapp.com/advisory/ntap-20180814-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.samba.org/samba/security/CVE-2018-10919.html | 2019-10-09 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202003-52 | 2019-10-09 | |
| https://usn.ubuntu.com/3738-1 | 2019-10-09 | |
| https://www.debian.org/security/2018/dsa-4271 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.0.0 < 4.6.16 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.6.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.7.0 < 4.7.9 Search vendor "Samba" for product "Samba" and version " >= 4.7.0 < 4.7.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.8.0 < 4.8.4 Search vendor "Samba" for product "Samba" and version " >= 4.8.0 < 4.8.4" | - |
Affected
| ||||||