The Samba-Bugzilla – Attachment 14456 Details for Bug 13595
CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users
Initial CVE text
CVE-2018-XXXX-unpriv-deleted-objects.txt (text/plain), 2.21 KB, created by
Andrew Bartlett
on 2018-08-31 01:27:47 UTC
====================================================================
== Subject: Unprivileged read of deleted object tombstones
==          in AD LDAP server
==
== CVE ID#: CVE-2018-XXXX
==
== Versions: All versions of Samba from 4.0.0 onwards.
==
== Summary: Missing access control checks (compared with Microsoft
==          Active Directory) allow read of object tombstones over
==          LDAP
==
====================================================================

===========
Description
===========

All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.

Missing access control checks on the LDAP_SERVER_SHOW_DELETED_OID
control in the DSDB database layer cause the LDAP server to disclose,
to authenticated but not privileged users, the names and preserved
attributes of deleted objects. (Microsoft AD simply does not return
these objects on a search.)

No information that was hidden before the deletion is visible, but in
Microsoft Active Directory the whole object is also not visible
without administrative rights, whereas Samba allows reading of the
limited set of attributes that are preserved after deletion.

There is no further vulnerability associated with this error, merely an
information disclosure.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.7.x, 4.8.x and 4.9.x have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

No workaround is possible while acting as a Samba AD DC.

Disabling the 'ldap' service in smb.conf (e.g. 'server services =
-ldap') would remove essential elements of the AD DC.

=======
Credits
=======

The initial bugs were found by Andrew Bartlett of Catalyst.
Andrew Bartlett of Catalyst and the Samba Team did the investigation
and provided the final fix.
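Added post-upgrade check, not part of the advisory or of Samba's own tooling: it binds as an ordinary (non-administrative) account, searches with the LDAP_SERVER_SHOW_DELETED_OID control the advisory names, and reports any tombstone DNs returned. On a patched Samba DC, as on Microsoft AD, the list is empty. It assumes the third-party ldap3 library; the server URL, base DN and account on the command line are placeholders.

```python
"""Verify that a Samba AD DC no longer returns deleted-object tombstones
to an unprivileged LDAP bind (CVE-2018-14628 class exposure)."""
import sys

# OID of the control named in the advisory (LDAP_SERVER_SHOW_DELETED_OID).
SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
# Tombstones carry isDeleted=TRUE; live objects lack the attribute.
TOMBSTONE_FILTER = "(isDeleted=TRUE)"


def tombstone_dns(response):
    """Return the DNs of search result entries that really are tombstones.

    `response` is a list of ldap3-style result dicts with keys
    "type", "dn" and "attributes". Referrals and other non-entry items
    are skipped; isDeleted is compared case-insensitively because the LDAP
    boolean syntax is TRUE/FALSE and ldap3 may decode it to a Python bool.
    """
    dns = []
    for item in response:
        if item.get("type") != "searchResEntry":
            continue
        flag = (item.get("attributes") or {}).get("isDeleted")
        if isinstance(flag, list):
            flag = flag[0] if flag else None
        if str(flag).upper() == "TRUE":
            dns.append(item["dn"])
    return dns


def check_dc(conn, base_dn):
    """Run the show-deleted search over an ldap3 Connection (or any object
    with the same search()/response interface) and return exposed DNs.
    Any DN returned to a non-administrative bind means the DC is unpatched."""
    conn.search(base_dn, TOMBSTONE_FILTER,
                attributes=["isDeleted", "lastKnownParent"],
                controls=[(SHOW_DELETED_OID, True, None)])
    return tombstone_dns(conn.response)


if __name__ == "__main__":
    # Placeholder arguments: ldap://dc.example.test DC=example,DC=test 'EXAMPLE\lowpriv' 'password'
    from ldap3 import Connection, NTLM, Server
    url, base_dn, user, password = sys.argv[1:5]
    conn = Connection(Server(url), user=user, password=password,
                      authentication=NTLM, auto_bind=True)
    exposed = check_dc(conn, base_dn)
    print("tombstones visible to unprivileged user: %d" % len(exposed))
    for dn in exposed:
        print("  " + dn)
    sys.exit(1 if exposed else 0)
```

Exit status 1 flags a DC that still discloses tombstones, so the script drops straight into a post-patch verification job.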