Vulnerability-Lookup

WID-SEC-W-2023-2366

Vulnerability from csaf_certbund - Published: 2019-10-28 23:00 - Updated: 2023-09-14 22:00

Summary

Samba: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Samba ist eine Open Source Software Suite, die Druck- und Dateidienste für SMB/CIFS Clients implementiert.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.

Betroffene Betriebssysteme: - UNIX - Linux

CVE-2019-10218

Es existiert eine Schwachstelle in Samba. Der Samba-Client-Code (libsmbclient) gibt vom Server bereitgestellte Dateinamen zurück, ohne nach Pfadnamen-Trennzeichen (wie "/" oder "../") zu suchen. Ein bösartiger Server kann einen Pfadnamen mit Trennzeichen erstellen und diesen an den Client-Code zurückgeben, so dass der Client anstelle von SMB-Netzwerkpfaden diesen Zugriff auf lokale Pfadnamen zum Lesen oder Schreiben verwendet. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss das Opfer auf einen entsprechenden Samba Server zugreifen.

CVE-2019-14833

Es existiert eine Schwachstelle in Samba. Ein Samba AD DC kann mit einem benutzerdefinierten Befehl die Komplexität des Passworts überprüfen. Wenn das Passwort Multi-Byte (Nicht-ASCII-) Zeichen enthält, erhält das Passwort-Prüfskript nicht die vollständige Passwort Zeichenfolge, und kann somit die Überprüfung nicht sachgemäß durchführen, was zu einer möglichen Umgehung von Sicherheitsmaßnahmen führt.

CVE-2019-14847

Es existiert eine Schwachstelle in Samba. Ein privilegierter Angreifer mit "get changes" Zugriffsrechten kann den AD DC LDAP Server durch eine speziell bearbeitete Anfrage zum Absturz bringen.

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://lists.debian.org/debian-lts-announce/2023…	external
	https://www.samba.org/samba/history/	external
	https://www.suse.com/support/update/announcement/…	external
	https://usn.ubuntu.com/4167-2/	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://www.suse.com/support/update/announcement/…	external
	https://security.archlinux.org/ASA-201911-6	external
	http://www.auscert.org.au/bulletins/ESB-2019.4089/	external
	https://www.suse.com/support/update/announcement/…	external
	https://access.redhat.com/errata/RHSA-2020:0943	external
	https://access.redhat.com/errata/RHSA-2020:1084	external
	https://downloads.avaya.com/css/P8/documents/101065840	external
	https://access.redhat.com/errata/RHSA-2020:1878	external
	https://support.hpe.com/hpesc/public/docDisplay?d…	external
	http://lists.suse.com/pipermail/sle-security-upda…	external
	https://lists.debian.org/debian-lts-announce/2021…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Samba ist eine Open Source Software Suite, die Druck- und Dateidienste f\u00fcr SMB/CIFS Clients implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Samba ausnutzen, um Dateien zu manipulieren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2366 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-2366.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2366 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2366"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3563 vom 2023-09-14",
        "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
      },
      {
        "category": "external",
        "summary": "Samba Release History vom 2019-10-28",
        "url": "https://www.samba.org/samba/history/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14202-1 vom 2019-10-29",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914202-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4167-1 vom 2019-10-29",
        "url": "https://usn.ubuntu.com/4167-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2866-1 vom 2019-10-31",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192866-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2868-1 vom 2019-10-31",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192868-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2875-1 vom 2019-10-31",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192875-1.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-201911-6 vom 2019-11-03",
        "url": "https://security.archlinux.org/ASA-201911-6"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2890-1 vom 2019-11-05",
        "url": "http://www.auscert.org.au/bulletins/ESB-2019.4089/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2893-1 vom 2019-11-05",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192893-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:0943 vom 2020-03-23",
        "url": "https://access.redhat.com/errata/RHSA-2020:0943"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1084 vom 2020-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2020:1084"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2020-048 vom 2020-04-12",
        "url": "https://downloads.avaya.com/css/P8/documents/101065840"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1878 vom 2020-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:1878"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04029en_us"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2020:2673-1 vom 2020-09-17",
        "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007440.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2668 vom 2021-05-29",
        "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Samba: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-14T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:30.638+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2366",
      "initial_release_date": "2019-10-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-10-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-10-29T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2019-10-30T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2019-10-31T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-03T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Fedora und Arch Linux aufgenommen"
        },
        {
          "date": "2019-11-04T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-05T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-11-06T23:00:00.000+00:00",
          "number": "8",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-57D43F3B58"
        },
        {
          "date": "2020-03-23T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-03-31T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-04-13T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2020-04-28T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-08-19T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2020-09-17T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-05-30T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-09-14T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Web License Manager",
            "product": {
              "name": "Avaya Web License Manager",
              "product_id": "T016243",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:web_license_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE HP-UX",
            "product": {
              "name": "HPE HP-UX",
              "product_id": "4871",
              "product_identification_helper": {
                "cpe": "cpe:/o:hp:hp-ux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.11.2",
                "product": {
                  "name": "Open Source Samba \u003c 4.11.2",
                  "product_id": "T015273",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.11.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.10.10",
                "product": {
                  "name": "Open Source Samba \u003c 4.10.10",
                  "product_id": "T015274",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.10.10"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Open Source Samba \u003c 4.9.15",
                "product": {
                  "name": "Open Source Samba \u003c 4.9.15",
                  "product_id": "T015275",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:samba:samba:4.9.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Samba"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat Fedora",
            "product": {
              "name": "Red Hat Fedora",
              "product_id": "T007849",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10218",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Der Samba-Client-Code (libsmbclient) gibt vom Server bereitgestellte Dateinamen zur\u00fcck, ohne nach Pfadnamen-Trennzeichen (wie \"/\" oder \"../\") zu suchen. Ein b\u00f6sartiger Server kann einen Pfadnamen mit Trennzeichen erstellen und diesen an den Client-Code zur\u00fcckgeben, so dass der Client anstelle von SMB-Netzwerkpfaden diesen Zugriff auf lokale Pfadnamen zum Lesen oder Schreiben verwendet. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss das Opfer auf einen entsprechenden Samba Server zugreifen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T015518",
          "2951",
          "T002207",
          "67646",
          "T015516",
          "4871",
          "T000126",
          "T007849",
          "T013312",
          "T015127",
          "T015126",
          "T016243"
        ]
      },
      "release_date": "2019-10-28T23:00:00.000+00:00",
      "title": "CVE-2019-10218"
    },
    {
      "cve": "CVE-2019-14833",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Ein Samba AD DC kann mit einem benutzerdefinierten Befehl die Komplexit\u00e4t des Passworts \u00fcberpr\u00fcfen. Wenn das Passwort Multi-Byte (Nicht-ASCII-) Zeichen enth\u00e4lt, erh\u00e4lt das Passwort-Pr\u00fcfskript nicht die vollst\u00e4ndige Passwort Zeichenfolge, und kann somit die \u00dcberpr\u00fcfung nicht sachgem\u00e4\u00df durchf\u00fchren, was zu einer m\u00f6glichen Umgehung von Sicherheitsma\u00dfnahmen f\u00fchrt."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T007849",
          "T013312"
        ]
      },
      "release_date": "2019-10-28T23:00:00.000+00:00",
      "title": "CVE-2019-14833"
    },
    {
      "cve": "CVE-2019-14847",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Samba. Ein privilegierter Angreifer mit \"get changes\" Zugriffsrechten kann den AD DC LDAP Server durch eine speziell bearbeitete Anfrage zum Absturz bringen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T007849",
          "T013312"
        ]
      },
      "release_date": "2019-10-28T23:00:00.000+00:00",
      "title": "CVE-2019-14847"
    }
  ]
}

CVE-2019-14833 (GCVE-0-2019-14833)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-05 00:26

Summary

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-305

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-148…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-57d43f3b58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:23.317Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14833.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-57d43f3b58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14833",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14847 (GCVE-0-2019-14847)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-05 00:26

Summary

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-148…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14847.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:14.311Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14847.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14847",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10218 (GCVE-0-2019-10218)

Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-04 22:17

Summary

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-22

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…
	https://www.samba.org/samba/security/CVE-2019-102…
	https://www.synology.com/security/advisory/Synolo…
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

	Vendor	Product	Version
	Samba	samba	Affected: all samba versions before samba 4.11.2, 4.10.10 and 4.9.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:19.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-10218.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
          },
          {
            "name": "openSUSE-SU-2019:2458",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
          },
          {
            "name": "FEDORA-2019-57d43f3b58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
          },
          {
            "name": "FEDORA-2019-703e299870",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
          },
          {
            "name": "FEDORA-2019-460ad648e7",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Samba",
          "versions": [
            {
              "status": "affected",
              "version": "all samba versions before samba 4.11.2, 4.10.10 and 4.9.15"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-14T16:06:19.599Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-10218.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_35"
        },
        {
          "name": "openSUSE-SU-2019:2458",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"
        },
        {
          "name": "FEDORA-2019-57d43f3b58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/"
        },
        {
          "name": "FEDORA-2019-703e299870",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"
        },
        {
          "name": "FEDORA-2019-460ad648e7",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10218",
    "datePublished": "2019-11-06T00:00:00.000Z",
    "dateReserved": "2019-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:17:19.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2366

CVE-2019-14833 (GCVE-0-2019-14833)

CVE-2019-14847 (GCVE-0-2019-14847)

CVE-2019-10218 (GCVE-0-2019-10218)

Tags

Sightings

Nomenclature