Vulnerability-Lookup

WID-SEC-W-2023-2365

Vulnerability from csaf_certbund - Published: 2020-01-21 23:00 - Updated: 2023-09-14 22:00

Summary

Samba: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme: - UNIX - Linux

CVE-2019-14902

Es existiert eine Schwachstelle in Samba. Aufgrund einer unvollständigen Implementierung der ACL-Vererbung im Samba AD DC können ACLs zwischen Domänencontrollern nicht synchronisiert werden. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

CVE-2019-14907

Es existiert eine Schwachstelle in Samba. Bei der Verarbeitung von nicht vertrauenswürdigen String-Eingaben kann Samba bei der Ausgabe einer "Konvertierungsfehler"-Meldung an die Log-Datein über das Ende des zugeordneten Puffers hinaus lesen. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen.

CVE-2019-19344

Es existiert eine Schwachstelle in Samba. Beim DNS-Zonen-Scavenging (Löschen von abgelaufenen dynamischen Einträgen) wird der Speicher nach seiner Freigabe noch ausgelesen. Ein authentisierter Angreifer kann diese use-after-free Schwachstelle nutzen, um einen Denial of Service zu verursachen.

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://lists.debian.org/debian-lts-announce/2023…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.samba.org/samba/security/CVE-2019-149…	external
	https://www.samba.org/samba/security/CVE-2019-149…	external
	https://www.samba.org/samba/security/CVE-2019-193…	external
	https://usn.ubuntu.com/4244-1/	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.synology.com/en-global/support/securi…	external
	https://access.redhat.com/errata/RHSA-2020:0943	external
	https://access.redhat.com/errata/RHSA-2020:1878	external
	https://support.hpe.com/hpesc/public/docDisplay?d…	external
	http://lists.suse.com/pipermail/sle-security-upda…	external
	https://access.redhat.com/errata/RHSA-2020:3981	external
	https://downloads.avaya.com/css/P8/documents/101071801	external
	https://lists.debian.org/debian-lts-announce/2021…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Samba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2365 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-2365.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2365 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2365"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3563 vom 2023-09-14",
        "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0233-1 vom 2020-01-25",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200233-1.html"
      },
      {
        "category": "external",
        "summary": "Samba Security Announcements vom 2020-01-21",
        "url": "https://www.samba.org/samba/security/CVE-2019-14902.html"
      },
      {
        "category": "external",
        "summary": "Samba Security Announcements vom 2020-01-21",
        "url": "https://www.samba.org/samba/security/CVE-2019-14907.html"
      },
      {
        "category": "external",
        "summary": "Samba Security Announcements vom 2020-01-21",
        "url": "https://www.samba.org/samba/security/CVE-2019-19344.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice",
        "url": "https://usn.ubuntu.com/4244-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200152-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0224-1 vom 2020-01-24",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200224-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:0223-1 vom 2020-01-24",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200223-1.html"
      },
      {
        "category": "external",
        "summary": "Synology Security Advisory SYNOLOGY-SA-20:01 vom 2020-01-22",
        "url": "https://www.synology.com/en-global/support/security/Synology_SA_20_01"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0943 vom 2020-03-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:0943"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1878 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1878"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04029en_us"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2673-1 vom 2020-09-17",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007440.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:3981 vom 2020-09-29",
        "url": "https://access.redhat.com/errata/RHSA-2020:3981"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-141 vom 2020-10-25",
        "url": "https://downloads.avaya.com/css/P8/documents/101071801"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2668 vom 2021-05-29",
        "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Samba: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-14T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:30.133+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2365",
      "initial_release_date": "2020-01-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-01-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-01-21T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-01-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "Korrektur"
        },
        {
          "date": "2020-01-23T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-01-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-01-26T23:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2020-03-23T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-04-28T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-08-19T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2020-09-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-09-29T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-10-25T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-05-30T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "14"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Web License Manager",
            "product": {
              "name": "Avaya Web License Manager",
              "product_id": "T016243",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:web_license_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE HP-UX",
            "product": {
              "name": "HPE HP-UX",
              "product_id": "4871",
              "product_identification_helper": {
                "cpe": "cpe:/o:hp:hp-ux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.11.5",
                "product": {
                  "name": "Open Source Samba \u003c 4.11.5",
                  "product_id": "T015756",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.11.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.10.12",
                "product": {
                  "name": "Open Source Samba \u003c 4.10.12",
                  "product_id": "T015757",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.10.12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.9.18",
                "product": {
                  "name": "Open Source Samba \u003c 4.9.18",
                  "product_id": "T015758",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.9.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Samba"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Synology DiskStation Manager 6.2",
            "product": {
              "name": "Synology DiskStation Manager 6.2",
              "product_id": "448604",
              "product_identification_helper": {
                "cpe": "cpe:/a:synology:diskstation_manager:6.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Synology"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14902",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Aufgrund einer unvollst\u00e4ndigen Implementierung der ACL-Vererbung im Samba AD DC k\u00f6nnen ACLs zwischen Dom\u00e4nencontrollern nicht synchronisiert werden. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "448604",
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "4871",
          "T000126",
          "T015127",
          "T015126",
          "T016243"
        ]
      },
      "release_date": "2020-01-21T23:00:00.000+00:00",
      "title": "CVE-2019-14902"
    },
    {
      "cve": "CVE-2019-14907",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Bei der Verarbeitung von nicht vertrauensw\u00fcrdigen String-Eingaben kann Samba bei der Ausgabe einer \"Konvertierungsfehler\"-Meldung an die Log-Datein \u00fcber das Ende des zugeordneten Puffers hinaus lesen. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "448604",
          "2951",
          "T002207",
          "67646",
          "T000126"
        ]
      },
      "release_date": "2020-01-21T23:00:00.000+00:00",
      "title": "CVE-2019-14907"
    },
    {
      "cve": "CVE-2019-19344",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Beim DNS-Zonen-Scavenging (L\u00f6schen von abgelaufenen dynamischen Eintr\u00e4gen) wird der Speicher nach seiner Freigabe noch ausgelesen. Ein authentisierter Angreifer kann diese use-after-free Schwachstelle nutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "448604",
          "2951",
          "T002207",
          "67646",
          "T000126"
        ]
      },
      "release_date": "2020-01-21T23:00:00.000+00:00",
      "title": "CVE-2019-19344"
    }
  ]
}

CVE-2019-19344 (GCVE-0-2019-19344)

Vulnerability from cvelistv5 – Published: 2020-01-21 00:00 – Updated: 2024-08-05 02:16

Summary

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-416

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-193…
	https://security.netapp.com/advisory/ntap-2020012…
	https://www.synology.com/security/advisory/Synolo…
	https://usn.ubuntu.com/4244-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.gentoo.org/glsa/202003-52	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Red Hat	samba	Affected: all samba 4.11.x versions before 4.11.5 Affected: all samba 4.10.x versions before 4.10.12 Affected: all samba 4.9.x versions before 4.9.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-19344.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
          },
          {
            "name": "USN-4244-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4244-1/"
          },
          {
            "name": "openSUSE-SU-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
          },
          {
            "name": "FEDORA-2020-6bd386c7eb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
          },
          {
            "name": "FEDORA-2020-f92cd0e72b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all samba 4.11.x versions before 4.11.5"
            },
            {
              "status": "affected",
              "version": "all samba 4.10.x versions before 4.10.12"
            },
            {
              "status": "affected",
              "version": "all samba 4.9.x versions before 4.9.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:25.208Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-19344.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
        },
        {
          "name": "USN-4244-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4244-1/"
        },
        {
          "name": "openSUSE-SU-2020:0122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
        },
        {
          "name": "FEDORA-2020-6bd386c7eb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
        },
        {
          "name": "FEDORA-2020-f92cd0e72b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-19344",
    "datePublished": "2020-01-21T00:00:00.000Z",
    "dateReserved": "2019-11-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:16:47.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14907 (GCVE-0-2019-14907)

Vulnerability from cvelistv5 – Published: 2020-01-21 00:00 – Updated: 2024-08-05 00:34

Summary

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-125

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-149…
	https://security.netapp.com/advisory/ntap-2020012…
	https://www.synology.com/security/advisory/Synolo…
	https://usn.ubuntu.com/4244-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.gentoo.org/glsa/202003-52	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Red Hat	samba	Affected: All versions 4.11.x before 4.11.5 Affected: All versions 4.10.x before 4.10.12 Affected: All versions 4.9.x before 4.9.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:52.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14907.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
          },
          {
            "name": "USN-4244-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4244-1/"
          },
          {
            "name": "openSUSE-SU-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
          },
          {
            "name": "FEDORA-2020-6bd386c7eb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
          },
          {
            "name": "FEDORA-2020-f92cd0e72b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "All versions 4.11.x before 4.11.5"
            },
            {
              "status": "affected",
              "version": "All versions 4.10.x before 4.10.12"
            },
            {
              "status": "affected",
              "version": "All versions 4.9.x before 4.9.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:16.214Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14907.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
        },
        {
          "name": "USN-4244-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4244-1/"
        },
        {
          "name": "openSUSE-SU-2020:0122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
        },
        {
          "name": "FEDORA-2020-6bd386c7eb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
        },
        {
          "name": "FEDORA-2020-f92cd0e72b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14907",
    "datePublished": "2020-01-21T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:34:52.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14902 (GCVE-0-2019-14902)

Vulnerability from cvelistv5 – Published: 2020-01-21 00:00 – Updated: 2024-08-05 00:26

Summary

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-284

Assigner

redhat

References

URL

Tags

	https://www.samba.org/samba/security/CVE-2019-149…
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://security.netapp.com/advisory/ntap-2020012…
	https://www.synology.com/security/advisory/Synolo…
	https://usn.ubuntu.com/4244-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.gentoo.org/glsa/202003-52	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	samba	Affected: all samba 4.11.x versions before 4.11.5 Affected: all samba 4.10.x versions before 4.10.12 Affected: all samba 4.9.x versions before 4.9.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14902.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
          },
          {
            "name": "USN-4244-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4244-1/"
          },
          {
            "name": "openSUSE-SU-2020:0122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
          },
          {
            "name": "FEDORA-2020-6bd386c7eb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
          },
          {
            "name": "FEDORA-2020-f92cd0e72b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "all samba 4.11.x versions before 4.11.5"
            },
            {
              "status": "affected",
              "version": "all samba 4.10.x versions before 4.10.12"
            },
            {
              "status": "affected",
              "version": "all samba 4.9.x versions before 4.9.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:21.444Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14902.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"
        },
        {
          "name": "USN-4244-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4244-1/"
        },
        {
          "name": "openSUSE-SU-2020:0122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"
        },
        {
          "name": "FEDORA-2020-6bd386c7eb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"
        },
        {
          "name": "FEDORA-2020-f92cd0e72b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14902",
    "datePublished": "2020-01-21T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2365

CVE-2019-19344 (GCVE-0-2019-19344)

CVE-2019-14907 (GCVE-0-2019-14907)

CVE-2019-14902 (GCVE-0-2019-14902)

Tags

Sightings

Nomenclature