An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. A user with sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects, may potentially set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory . Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. Access controlled AD LDAP attributes can be discovered Samba AD DC admin tool samba-tool sends passwords in cleartext