[Samba] Need to know Samba version addressing "CVE-2018-14628" fix
Andrew Bartlett
abartlet at samba.org
Mon Jan 30 07:51:15 UTC 2023
On Mon, 2023-01-30 at 07:27 +0000, Vivek Anand -X (vivekan - Altran ACT
S.A.S at Cisco) via samba wrote:
> Hi Team,
> We are looking for Security Release Version / patch for
> "CVE-2018-14628" <https://attachments.samba.org/attachment.cgi?id=14477>.
> The above CVE says :
> All versions of Samba from 4.0.0 onwards are vulnerable to an
> information leak (compared with the established behaviour of
> Microsoft's Active Directory) when Samba is an Active Directory
> Domain Controller.
> A patch addressing this defect has been posted to
> http://www.samba.org/samba/security/
>
> Additionally, Samba 4.7.x 4.8.x and 4.9.x have been issued as
> a security release to correct the defect.
These words are from a draft advisory that was never published.
> But on samba security page, we are unable to find patch/release
> version addressing "CVE-2018-14628"
> We are using "samba-4.17.3" and have queries as below:
> 1. Is "samba-4.17.3" affected by vulnerability "CVE-2018-14628"?
The issue remains unfixed and is being tracked at
https://bugzilla.samba.org/show_bug.cgi?id=CVE-2018-14628
Sorry,
Also, if the AD DC is not being used, then this is not important at
all.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst.Net Limited
Catalyst.Net Ltd - a Catalyst IT group company - Expert Open Source Solutions