Bug 1625445 (CVE-2018-14628)

Summary: CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server
Product: [Other] Security Response
Reporter: Sam Fowler <sfowler>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abhgupta, abokovoy, anoopcs, asn, bmcclain, dbaker, dfediuck, dkarpele, eedri, gdeschner, jarrpa, jokerman, jstephen, mgoldboi, michal.skrivanek, mperina, nobody, pfilipen, rhs-smb, sbonazzo, sbose, security-response-team, sherold, sisharma, sthangav, trankin
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-10-25 22:16:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2160799
Bug Blocks: 1625448, 1945370

Description Sam Fowler 2018-09-05 00:38:28 UTC
All versions of Samba from 4.0.0 onwards are vulnerable to an information leak (compared with the established behaviour of Microsoft's Active Directory) when Samba is an Active Directory Domain Controller.

Missing access control checks on the LDAP_SERVER_SHOW_DELETED_OID control in the DSDB database layer cause the LDAP server to disclose, to authenticated but not privileged users, the names and preserved attributes of deleted objects.  (Microsoft AD simply does not return these objects on a search).

No information that was hidden before the deletion is visible, but in Microsoft Active Directory the whole object is also not visible without administrative rights, whereas Samba allows reading of a limited set of attributes that are preserved after deletion.

Comment 1 Sam Fowler 2018-09-05 00:38:42 UTC
Acknowledgments:

Name: Andrew Bartlett (Catalyst and Samba Team)

Comment 2 Doran Moppert 2018-09-05 04:17:07 UTC
Upstream bug:

https://bugzilla.samba.org/show_bug.cgi?id=13595

Comment 3 Doran Moppert 2018-09-05 04:17:16 UTC
Statement:

Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present.  These packages are not affected by this vulnerability.

Comment 7 Pedro Sampaio 2023-01-13 18:21:25 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 2160799]