Description

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Related CPE's

a

samba

samba

Vulnerable

o

fedoraproject

fedora

37

Vulnerable

References

http://www.openwall.com/lists/oss-security/2023/11/28/4

https://bugzilla.redhat.com/show_bug.cgi?id=1625445

ExploitIssue TrackingPatchThird Party Advisory

https://bugzilla.samba.org/show_bug.cgi?id=13595

ExploitIssue TrackingPatchVendor Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/

Weaknesses

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-17T18:15:10.810

1 year ago

Last modified

2023-12-04T03:15:07.080

7 months ago