CVE-2019-14907

Published: 21/01/2020 Updated: 07/11/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 232
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

All Samba versions 4.9.x prior to 4.9.18, 4.10.x prior to 4.10.12 and 4.11.x prior to 4.11.5 have an issue where, if Samba is configured with "log level = 3" (or above), the string obtained from the client after a failed character conversion is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client, so a crash there is harmless.)
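One way to check a host against the two conditions in the summary, as an added example that is not part of the original advisory or of Samba: it compares an upstream version string with the three listed branches and reads the highest "log level" from the [global] section of an smb.conf text. The function names, the sample configuration and the choice to take the maximum across all debug classes are assumptions made here.

```python
import re

# First fixed release per branch, taken from the summary above.
FIXED = {(4, 9): 18, (4, 10): 12, (4, 11): 5}

def version_affected(version: str) -> bool:
    """True if an upstream version string is in a range the summary lists."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return fixed is not None and patch < fixed

def max_log_level(smb_conf: str) -> int:
    """Highest level set in [global]. Assumption: the page does not name the
    debug class involved, so the maximum over all classes is used."""
    section, level = "global", 0  # assumption: leading lines count as global
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if section != "global" or not sep:
            continue
        # Parameter names ignore case and spaces; "debuglevel" is a synonym.
        if re.sub(r"\s+", "", name).lower() not in ("loglevel", "debuglevel"):
            continue
        level = 0  # a later setting replaces an earlier one
        for token in value.split():
            # Tokens look like "3", "auth:5" or "auth:5@/path/to/file".
            number = token.split("@")[0].rpartition(":")[2]
            if number.isdigit():
                level = max(level, int(number))
    return level

def exposed(version: str, smb_conf: str) -> bool:
    return version_affected(version) and max_log_level(smb_conf) >= 3

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """[global]
    workgroup = EXAMPLE
    log level = 1 auth:5 winbind:2
[share]
    path = /srv/share
"""
```

Distribution packages can carry the fix under an older version number, so a positive result on a packaged build should be confirmed against the vendor advisory. A debug level passed on the command line or set in an included file is not seen by this check.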

Vulnerable Product

fedoraproject fedora 30

fedoraproject fedora 31

samba samba

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat storage 3.0

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 19.10

synology skynas -

synology diskstation manager 6.2

synology directory server -

synology router manager 1.2

debian debian linux 9.0

Vendor Advisories

Several security issues were fixed in Samba ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: samba security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabili ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, ...