Description

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Related CPE's

a

samba

samba

2

o

fedoraproject

fedora

37

Vulnerable

References

http://www.openwall.com/lists/oss-security/2023/11/28/4

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1625445

ExploitIssue TrackingPatchThird Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=13595

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/

PatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/11/28/4

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1625445

ExploitIssue TrackingPatchThird Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=13595

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20230223-0008/

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-17T18:15:10.810

2 years ago

Last modified

2025-01-22T16:10:38.410

5 months ago