All versions of Samba from 4.0.0 onwards are vulnerable to an information leak (compared with the established behaviour of Microsoft's Active Directory) when Samba is an Active Directory Domain Controller. Missing access control checks on the LDAP_SERVER_SHOW_DELETED_OID control in the DSDB database layer cause the LDAP server to disclose, to authenticated but not privileged users, the names and preserved attributes of deleted objects. (Microsoft AD simply does not return these objects on a search.) No information that was hidden before the deletion is visible, but in Microsoft Active Directory the whole object is also not visible without administrative rights, whereas Samba allows reading of a limited set of attributes that are preserved after deletion.
Acknowledgments: Name: Andrew Bartlett (Catalyst and Samba Team)
Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=13595
Statement: Samba 4 packages distributed with Red Hat Enterprise Linux are built without the AD DC functionality, where this flaw is present. These packages are not affected by this vulnerability.
Created samba tracking bugs for this issue: Affects: fedora-all [bug 2160799]