Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-14907

Опубликовано: 21 янв. 2020
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 2.6
CVSS3: 6.5

Описание

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

РелизСтатусПримечание
bionic

released

2:4.7.6+dfsg~ubuntu-0ubuntu2.15
devel

released

2:4.11.5+dfsg-1ubuntu1
disco

released

2:4.10.0+dfsg-0ubuntu2.8
eoan

released

2:4.10.7+dfsg-0ubuntu2.4
esm-infra-legacy/trusty

needed

esm-infra/bionic

released

2:4.7.6+dfsg~ubuntu-0ubuntu2.15
esm-infra/focal

released

2:4.11.5+dfsg-1ubuntu1
esm-infra/xenial

released

2:4.3.11+dfsg-0ubuntu0.16.04.25
focal

released

2:4.11.5+dfsg-1ubuntu1
groovy

released

2:4.11.5+dfsg-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10242
Средний

2.6 Low

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-14907

CVSS3: 6.5
redhat
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

nvd логотип

CVE-2019-14907

CVSS3: 6.5
nvd
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

debian логотип

CVE-2019-14907

CVSS3: 6.5
debian
около 6 лет назад

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...

suse-cvrf логотип

SUSE-SU-2020:0233-1

suse-cvrf
около 6 лет назад

Security update for samba

suse-cvrf логотип

SUSE-SU-2020:0152-1

suse-cvrf
около 6 лет назад

Security update for samba

EPSS

Процентиль: 93%
0.10242
Средний

2.6 Low

CVSS2

6.5 Medium

CVSS3