CVE-2019-14907 - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue

CVE-2019-14907

Summary

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

References

Vulnerable Configurations

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:-:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:-:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.9.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.9:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.10.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:-:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:-:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.0:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.11.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 14-09-2023 - 17:15)
Impact:
Exploitability:

CWE

CWE-125

CAPEC

Infiltration of Hardware Development Environment
An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1794461
title	Test samba3.smbtorture_s3.plain.WINDOWS-BAD-SYMLINK fails

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment openchange is earlier than 0:2.3-24.el8
oval oval:com.redhat.rhsa:tst:20201878001
comment openchange is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206002

AND

comment openchange-debugsource is earlier than 0:2.3-24.el8
oval oval:com.redhat.rhsa:tst:20201878003
comment openchange-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20201878004

AND
comment ctdb is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878005
comment ctdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258002
AND
comment ctdb-tests is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878007
comment ctdb-tests is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006
AND
comment libsmbclient is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878009
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258008

AND

comment libsmbclient-devel is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878011
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010

AND
comment libwbclient is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878013
comment libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012

AND

comment libwbclient-devel is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878015
comment libwbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014

AND

comment python3-samba is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878017
comment python3-samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193582014

AND

comment python3-samba-test is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878019
comment python3-samba-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193582016

AND
comment samba is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878021
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258016
AND
comment samba-client is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878023
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND

comment samba-client-libs is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878025
comment samba-client-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258020

AND
comment samba-common is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878027
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022

AND

comment samba-common-libs is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878029
comment samba-common-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258024

AND

comment samba-common-tools is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878031
comment samba-common-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258026

AND

comment samba-debugsource is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878033
comment samba-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193582030

AND

comment samba-krb5-printing is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878035
comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171265032

AND
comment samba-libs is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878037
comment samba-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034
AND
comment samba-pidl is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878039
comment samba-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258036
AND
comment samba-test is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878041
comment samba-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258040

AND

comment samba-test-libs is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878043
comment samba-test-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258044

AND

comment samba-winbind is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878045
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258048

AND

comment samba-winbind-clients is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878047
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258050

AND

comment samba-winbind-krb5-locator is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878049
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258052

AND

comment samba-winbind-modules is earlier than 0:4.11.2-13.el8
oval oval:com.redhat.rhsa:tst:20201878051
comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258054

rhsa

id	RHSA-2020:1878
released	2020-04-28
severity	Moderate
title	RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate)

bugzilla

id	1836427
title	net ads join use of netbios+realm breaks GSSAPI authentication

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment ctdb is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981001
comment ctdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258002
AND
comment ctdb-tests is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981003
comment ctdb-tests is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006
AND
comment libsmbclient is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981005
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258008

AND

comment libsmbclient-devel is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981007
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010

AND
comment libwbclient is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981009
comment libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012

AND

comment libwbclient-devel is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981011
comment libwbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014

AND
comment samba is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981013
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258016
AND
comment samba-client is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981015
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND

comment samba-client-libs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981017
comment samba-client-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258020

AND
comment samba-common is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981019
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022

AND

comment samba-common-libs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981021
comment samba-common-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258024

AND

comment samba-common-tools is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981023
comment samba-common-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258026

AND
comment samba-dc is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981025
comment samba-dc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258028

AND

comment samba-dc-libs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981027
comment samba-dc-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258030

AND
comment samba-devel is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981029
comment samba-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258032

AND

comment samba-krb5-printing is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981031
comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171265032

AND
comment samba-libs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981033
comment samba-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034
AND
comment samba-pidl is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981035
comment samba-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258036
AND
comment samba-python is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981037
comment samba-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258038

AND

comment samba-python-test is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981039
comment samba-python-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183056040

AND
comment samba-test is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981041
comment samba-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258040

AND

comment samba-test-libs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981043
comment samba-test-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258044

AND

comment samba-vfs-glusterfs is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981045
comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258046

AND

comment samba-winbind is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981047
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258048

AND

comment samba-winbind-clients is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981049
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258050

AND

comment samba-winbind-krb5-locator is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981051
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258052

AND

comment samba-winbind-modules is earlier than 0:4.10.16-5.el7
oval oval:com.redhat.rhsa:tst:20203981053
comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258054

rhsa

id	RHSA-2020:3981
released	2020-09-29
severity	Moderate
title	RHSA-2020:3981: samba security, bug fix, and enhancement update (Moderate)

rpms

ctdb-0:4.11.6-104.el7rhgs
libsmbclient-0:4.11.6-104.el7rhgs
libsmbclient-devel-0:4.11.6-104.el7rhgs
libtalloc-0:2.2.0-9.el7rhgs
libtalloc-debuginfo-0:2.2.0-9.el7rhgs
libtalloc-devel-0:2.2.0-9.el7rhgs
libtdb-0:1.4.2-4.el7rhgs
libtdb-debuginfo-0:1.4.2-4.el7rhgs
libtdb-devel-0:1.4.2-4.el7rhgs
libtevent-0:0.10.0-4.el7rhgs
libtevent-debuginfo-0:0.10.0-4.el7rhgs
libtevent-devel-0:0.10.0-4.el7rhgs
libwbclient-0:4.11.6-104.el7rhgs
libwbclient-devel-0:4.11.6-104.el7rhgs
python3-samba-0:4.11.6-104.el7rhgs
python3-talloc-0:2.2.0-9.el7rhgs
python3-talloc-devel-0:2.2.0-9.el7rhgs
python3-tdb-0:1.4.2-4.el7rhgs
python3-tevent-0:0.10.0-4.el7rhgs
samba-0:4.11.6-104.el7rhgs
samba-client-0:4.11.6-104.el7rhgs
samba-client-libs-0:4.11.6-104.el7rhgs
samba-common-0:4.11.6-104.el7rhgs
samba-common-libs-0:4.11.6-104.el7rhgs
samba-common-tools-0:4.11.6-104.el7rhgs
samba-debuginfo-0:4.11.6-104.el7rhgs
samba-devel-0:4.11.6-104.el7rhgs
samba-krb5-printing-0:4.11.6-104.el7rhgs
samba-libs-0:4.11.6-104.el7rhgs
samba-pidl-0:4.11.6-104.el7rhgs
samba-vfs-glusterfs-0:4.11.6-104.el7rhgs
samba-winbind-0:4.11.6-104.el7rhgs
samba-winbind-clients-0:4.11.6-104.el7rhgs
samba-winbind-krb5-locator-0:4.11.6-104.el7rhgs
samba-winbind-modules-0:4.11.6-104.el7rhgs
tdb-tools-0:1.4.2-4.el7rhgs
ctdb-0:4.11.2-13.el8
ctdb-debuginfo-0:4.11.2-13.el8
ctdb-tests-0:4.11.2-13.el8
ctdb-tests-debuginfo-0:4.11.2-13.el8
libsmbclient-0:4.11.2-13.el8
libsmbclient-debuginfo-0:4.11.2-13.el8
libsmbclient-devel-0:4.11.2-13.el8
libwbclient-0:4.11.2-13.el8
libwbclient-debuginfo-0:4.11.2-13.el8
libwbclient-devel-0:4.11.2-13.el8
openchange-0:2.3-24.el8
openchange-client-debuginfo-0:2.3-24.el8
openchange-debuginfo-0:2.3-24.el8
openchange-debugsource-0:2.3-24.el8
python3-samba-0:4.11.2-13.el8
python3-samba-debuginfo-0:4.11.2-13.el8
python3-samba-test-0:4.11.2-13.el8
samba-0:4.11.2-13.el8
samba-client-0:4.11.2-13.el8
samba-client-debuginfo-0:4.11.2-13.el8
samba-client-libs-0:4.11.2-13.el8
samba-client-libs-debuginfo-0:4.11.2-13.el8
samba-common-0:4.11.2-13.el8
samba-common-libs-0:4.11.2-13.el8
samba-common-libs-debuginfo-0:4.11.2-13.el8
samba-common-tools-0:4.11.2-13.el8
samba-common-tools-debuginfo-0:4.11.2-13.el8
samba-debuginfo-0:4.11.2-13.el8
samba-debugsource-0:4.11.2-13.el8
samba-krb5-printing-0:4.11.2-13.el8
samba-krb5-printing-debuginfo-0:4.11.2-13.el8
samba-libs-0:4.11.2-13.el8
samba-libs-debuginfo-0:4.11.2-13.el8
samba-pidl-0:4.11.2-13.el8
samba-test-0:4.11.2-13.el8
samba-test-debuginfo-0:4.11.2-13.el8
samba-test-libs-0:4.11.2-13.el8
samba-test-libs-debuginfo-0:4.11.2-13.el8
samba-vfs-glusterfs-debuginfo-0:4.11.2-13.el8
samba-winbind-0:4.11.2-13.el8
samba-winbind-clients-0:4.11.2-13.el8
samba-winbind-clients-debuginfo-0:4.11.2-13.el8
samba-winbind-debuginfo-0:4.11.2-13.el8
samba-winbind-krb5-locator-0:4.11.2-13.el8
samba-winbind-krb5-locator-debuginfo-0:4.11.2-13.el8
samba-winbind-modules-0:4.11.2-13.el8
samba-winbind-modules-debuginfo-0:4.11.2-13.el8
ctdb-0:4.10.16-5.el7
ctdb-tests-0:4.10.16-5.el7
libsmbclient-0:4.10.16-5.el7
libsmbclient-devel-0:4.10.16-5.el7
libwbclient-0:4.10.16-5.el7
libwbclient-devel-0:4.10.16-5.el7
samba-0:4.10.16-5.el7
samba-client-0:4.10.16-5.el7
samba-client-libs-0:4.10.16-5.el7
samba-common-0:4.10.16-5.el7
samba-common-libs-0:4.10.16-5.el7
samba-common-tools-0:4.10.16-5.el7
samba-dc-0:4.10.16-5.el7
samba-dc-libs-0:4.10.16-5.el7
samba-debuginfo-0:4.10.16-5.el7
samba-devel-0:4.10.16-5.el7
samba-krb5-printing-0:4.10.16-5.el7
samba-libs-0:4.10.16-5.el7
samba-pidl-0:4.10.16-5.el7
samba-python-0:4.10.16-5.el7
samba-python-test-0:4.10.16-5.el7
samba-test-0:4.10.16-5.el7
samba-test-libs-0:4.10.16-5.el7
samba-vfs-glusterfs-0:4.10.16-5.el7
samba-winbind-0:4.10.16-5.el7
samba-winbind-clients-0:4.10.16-5.el7
samba-winbind-krb5-locator-0:4.10.16-5.el7
samba-winbind-modules-0:4.10.16-5.el7

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907 https://security.netapp.com/advisory/ntap-20200122-0001/ https://www.synology.com/security/advisory/Synology_SA_20_01
fedora	FEDORA-2020-6bd386c7eb FEDORA-2020-f92cd0e72b
gentoo	GLSA-202003-52
misc	https://www.samba.org/samba/security/CVE-2019-14907.html
suse	openSUSE-SU-2020:0122
ubuntu	USN-4244-1

Last major update

14-09-2023 - 17:15

Published

21-01-2020 - 18:15

Last modified

14-09-2023 - 17:15