The fix in 4.6.16 4.7.9 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

🗓️ 15 Oct 2024 07:00:00Reported by MicrosoftType

Patches for 4.6.16, 4.7.9, 4.8.4, 4.9.7 did not fix CVE-2018-10919, risking BitLocker keys via LDAP.

Reporter	Title	Published	Views	Family All 201
ALT Linux	Security fix for the ALT Linux 8 package samba-DC version 4.7.9-alt1	15 Aug 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.8.4-alt1.S1	14 Aug 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package samba version 4.7.9-alt1	15 Aug 201800:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.16.10-alt1	14 Apr 202300:00	–	altlinux
Tenable Nessus	Amazon Linux 2023 : ldb-tools, libldb, libldb-devel (ALAS2023-2023-187)	8 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-190)	8 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-206)	8 Jun 202300:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: samba (CVE-2023-0614)	22 Jan 202600:00	–	nessus
Tenable Nessus	Debian DSA-4271-1 : samba - security update	15 Aug 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : samba (EulerOS-SA-2019-2484)	4 Dec 201900:00	–	nessus

Vulners

Node

15 Oct 2024 07:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24

CVSS 34.3 - 6.5

CVSS 3.16.5 - 7.7

EPSS0.01373

SSVC