Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14907

Опубликовано: 21 янв. 2020
Источник: nvd
CVSS3: 6.5
CVSS2: 2.6
EPSS Средний

Описание

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.9.0 (включая) до 4.9.18 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.10.0 (включая) до 4.10.12 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.11.0 (включая) до 4.11.5 (исключая)
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.10242
Средний

6.5 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2019-14907

CVSS3: 6.5
ubuntu
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

redhat логотип

CVE-2019-14907

CVSS3: 6.5
redhat
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

debian логотип

CVE-2019-14907

CVSS3: 6.5
debian
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...

suse-cvrf логотип

SUSE-SU-2020:0233-1

suse-cvrf
около 6 лет назад

Security update for samba

suse-cvrf логотип

SUSE-SU-2020:0152-1

suse-cvrf
около 6 лет назад

Security update for samba

EPSS

Процентиль: 93%
0.10242
Средний

6.5 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-125
CWE-125