CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
39.9%
Samba is prone to an information leak vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# CPE identifier of the product this check applies to; the detection logic
# after the description block passes it to get_app_port() and
# get_app_version_and_location().
CPE = "cpe:/a:samba:samba";
# Metadata section: when the script is run with `description` set, it only
# registers the tags below and then exits without touching the target.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.104503");
script_version("2023-11-30T05:06:26+0000");
script_tag(name:"last_modification", value:"2023-11-30 05:06:26 +0000 (Thu, 30 Nov 2023)");
script_tag(name:"creation_date", value:"2023-01-27 08:54:49 +0000 (Fri, 27 Jan 2023)");
# Severity: a CVSS v2 base score/vector plus the CVSS v3.1 vector, with NVD
# recorded as the origin. Both vectors describe a network-reachable,
# low-complexity issue that needs an authenticated (low-privilege) account
# and has a partial/low confidentiality impact only.
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-24 20:03:00 +0000 (Tue, 24 Jan 2023)");
script_cve_id("CVE-2018-14628");
# NOTE(review): the result is derived from the detected version string only.
# The script does not verify that the host runs as an Active Directory
# Domain Controller (the only affected role per the insight text), nor can a
# version comparison see distribution backports - presumably why the QoD
# type is the "unreliable" banner variant. Triage findings accordingly.
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Samba Information Leak Vulnerability (CVE-2018-14628)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
# Runs after the two Samba/SMB detection scripts and only when the
# mandatory key is present (presumably set by those detections - confirm).
script_dependencies("smb_nativelanman.nasl", "gb_samba_detect.nasl");
script_mandatory_keys("samba/smb_or_ssh/detected");
script_tag(name:"summary", value:"Samba is prone to an information leak vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Samba is vulnerable to an information leak (compared with the
established behaviour of Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.
Missing access control checks on the LDAP_SERVER_SHOW_DELETED_OID control in the DSDB database
layer cause the LDAP server to disclose, to authenticated but not privileged users, the names and
preserved attributes of deleted objects. (Microsoft AD simply does not return these objects on a
search).
No information that was hidden before the deletion is visible, but in Microsoft Active Directory
the whole object is also not visible without administrative rights, whereas Samba allows read of
limited set of attributes that are preserved after delete.
There is no further vulnerability associated with this error, merely an information disclosure.");
# NOTE(review): "from 4.0.0 onwards" is broader than what the version check
# in this script reports (4.0.0 up to, not including, 4.18.9 and 4.19.0 up
# to, not including, 4.19.3); read it together with the solution tag.
script_tag(name:"affected", value:"Samba versions from 4.0.0 onwards.");
# NOTE(review): the upstream release notes linked below reportedly state
# that upgrading alone does not protect an existing domain and that an
# administrator must additionally run
#   samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
# on one DC - confirm against the 4.18.9 / 4.19.3 release notes. A host that
# passes this version check may therefore still need that remediation step.
script_tag(name:"solution", value:"Update to version 4.18.9, 4.19.3 or later.");
script_xref(name:"URL", value:"https://www.samba.org/samba/history/samba-4.19.3.html");
script_xref(name:"URL", value:"https://www.samba.org/samba/history/samba-4.18.9.html");
script_xref(name:"URL", value:"https://www.samba.org/samba/security/CVE-2018-14628.html");
script_xref(name:"URL", value:"https://bugzilla.samba.org/show_bug.cgi?id=13595");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1625445");
# Metadata registered; stop here so the check itself is not executed.
exit(0);
}
include("host_details.inc");
include("version_func.inc");
# Version-based check for CVE-2018-14628: look up the Samba instance recorded
# for this CPE, compare its version against the two affected ranges and
# report the matching fixed release.
#
# NOTE(review): only the version string is evaluated. Whether the host is an
# AD Domain Controller, and whether the post-upgrade ACL repair mentioned in
# the upstream release notes has been applied, is not checked here.

# No port registered for this CPE -> nothing to test.
port = get_app_port(cpe: CPE);
if (isnull(port))
  exit(0);

# exit_no_version: TRUE is passed through to the helper; the explicit check
# below additionally covers an empty/NULL result.
app = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE);
if (!app)
  exit(0);

installed_ver = app["version"];
install_loc = app["location"];

# Select the fixed release for the branch the installed version falls into.
# version_in_range_exclusive() comes from version_func.inc (not shown here);
# presumably lower bound inclusive, upper bound exclusive - confirm.
fixed_ver = NULL;
if (version_in_range_exclusive(version: installed_ver, test_version_lo: "4.0.0", test_version_up: "4.18.9"))
  fixed_ver = "4.18.9";
else if (version_in_range_exclusive(version: installed_ver, test_version_lo: "4.19.0", test_version_up: "4.19.3"))
  fixed_ver = "4.19.3";

if (!isnull(fixed_ver)) {
  report = report_fixed_ver(installed_version: installed_ver, fixed_version: fixed_ver, install_path: install_loc);
  security_message(port: port, data: report);
  exit(0);
}

# Neither affected range matched: finish with exit code 99 (by the usual
# convention of these checks this signals "not affected" - confirm).
exit(99);