CVE-2018-10919

NameCVE-2018-10919
DescriptionThe Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1539-1, DSA-4271-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
samba (PTS)bullseye (security), bullseye2:4.13.13+dfsg-1~deb11u6fixed
bookworm, bookworm (security)2:4.17.12+dfsg-0+deb12u1fixed
trixie2:4.20.2+dfsg-7fixed
sid2:4.20.2+dfsg-10fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sambasourcejessie2:4.2.14+dfsg-0+deb8u10DLA-1539-1
sambasourcestretch2:4.5.12+dfsg-2+deb9u3DSA-4271-1
sambasource(unstable)2:4.8.4+dfsg-1

Notes

https://www.samba.org/samba/security/CVE-2018-10919.html
Search for package or bug name: Reporting problems