All the vulnerabilites related to Red Hat - samba
cve-2019-14907
Vulnerability from cvelistv5
Published
2020-01-21 00:00
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:52.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-14907.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" }, { "name": "USN-4244-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4244-1/" }, { "name": "openSUSE-SU-2020:0122", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html" }, { "name": "FEDORA-2020-6bd386c7eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/" }, { "name": "FEDORA-2020-f92cd0e72b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "All versions 4.11.x before 4.11.5" }, { "status": "affected", "version": "All versions 4.10.x before 4.10.12" }, { "status": "affected", "version": "All versions 4.9.x before 4.9.18" } ] } ], "descriptions": [ { "lang": "en", "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-14T16:06:16.214931", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907" }, { "url": "https://www.samba.org/samba/security/CVE-2019-14907.html" }, { "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" }, { "name": "USN-4244-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4244-1/" }, { "name": "openSUSE-SU-2020:0122", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html" }, { "name": "FEDORA-2020-6bd386c7eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/" }, { "name": "FEDORA-2020-f92cd0e72b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14907", "datePublished": "2020-01-21T00:00:00", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:34:52.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14861
Vulnerability from cvelistv5
Published
2019-12-10 22:19
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2019-14861", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:36:30.362174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T15:37:11.263Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-4217-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4217-1/" }, { "name": "USN-4217-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4217-2/" }, { "name": "FEDORA-2019-be98a08835", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/" }, { "name": "openSUSE-SU-2019:2700", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html" }, { "name": "FEDORA-2019-11dddb785b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191210-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-14861.html" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_40" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "all versions 4.11.x before 4.11.3" }, { "status": "affected", "version": "all versions 4.10.x before 4.10.11" }, { "status": "affected", "version": "all versions 4.x.x before 4.9.17" } ] } ], "descriptions": [ { "lang": "en", "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T01:05:54.054469", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-4217-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4217-1/" }, { "name": "USN-4217-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4217-2/" }, { "name": "FEDORA-2019-be98a08835", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/" }, { "name": "openSUSE-SU-2019:2700", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html" }, { "name": "FEDORA-2019-11dddb785b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861" }, { "url": "https://security.netapp.com/advisory/ntap-20191210-0002/" }, { "url": "https://www.samba.org/samba/security/CVE-2019-14861.html" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_19_40" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14861", "datePublished": "2019-12-10T22:19:05", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10704
Vulnerability from cvelistv5
Published
2020-05-06 00:00
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:11.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2020-e244c98af5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/" }, { "name": "FEDORA-2020-9cf0b1c8f1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/" }, { "name": "openSUSE-SU-2020:1023", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html" }, { "name": "GLSA-202007-15", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-15" }, { "name": "openSUSE-SU-2020:1313", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html" }, { "name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2020-10704.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "All versions before 4.10.15" }, { "status": "affected", "version": "All versions before 4.11.8" }, { "status": "affected", "version": "All versions before 4.12.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2020-e244c98af5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/" }, { "name": "FEDORA-2020-9cf0b1c8f1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/" }, { "name": "openSUSE-SU-2020:1023", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html" }, { "name": "GLSA-202007-15", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202007-15" }, { "name": "openSUSE-SU-2020:1313", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html" }, { "name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704" }, { "url": "https://www.samba.org/samba/security/CVE-2020-10704.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10704", "datePublished": "2020-05-06T00:00:00", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:06:11.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14870
Vulnerability from cvelistv5
Published
2019-12-10 00:00
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870" }, { "name": "USN-4217-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4217-1/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191210-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-14870.html" }, { "name": "USN-4217-2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4217-2/" }, { "name": "FEDORA-2019-be98a08835", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_40" }, { "name": "openSUSE-SU-2019:2700", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html" }, { "name": "FEDORA-2019-11dddb785b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "all versions 4.11.x before 4.11.3" }, { "status": "affected", "version": "all versions 4.10.x before 4.10.11" }, { "status": "affected", "version": "all versions 4.x.x before 4.9.17" } ] } ], "descriptions": [ { "lang": "en", "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-08T08:06:43.843846", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870" }, { "name": "USN-4217-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4217-1/" }, { "url": "https://security.netapp.com/advisory/ntap-20191210-0002/" }, { "url": "https://www.samba.org/samba/security/CVE-2019-14870.html" }, { "name": "USN-4217-2", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4217-2/" }, { "name": "FEDORA-2019-be98a08835", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_19_40" }, { "name": "openSUSE-SU-2019:2700", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html" }, { "name": "FEDORA-2019-11dddb785b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14870", "datePublished": "2019-12-10T00:00:00", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19344
Vulnerability from cvelistv5
Published
2020-01-21 00:00
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:16:47.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-19344.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" }, { "name": "USN-4244-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4244-1/" }, { "name": "openSUSE-SU-2020:0122", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html" }, { "name": "FEDORA-2020-6bd386c7eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/" }, { "name": "FEDORA-2020-f92cd0e72b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "all samba 4.11.x versions before 4.11.5" }, { "status": "affected", "version": "all samba 4.10.x versions before 4.10.12" }, { "status": "affected", "version": "all samba 4.9.x versions before 4.9.18" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-14T16:06:25.208073", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344" }, { "url": "https://www.samba.org/samba/security/CVE-2019-19344.html" }, { "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" }, { "name": "USN-4244-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4244-1/" }, { "name": "openSUSE-SU-2020:0122", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html" }, { "name": "FEDORA-2020-6bd386c7eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/" }, { "name": "FEDORA-2020-f92cd0e72b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/" }, { "name": "GLSA-202003-52", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202003-52" }, { "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-19344", "datePublished": "2020-01-21T00:00:00", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-05T02:16:47.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10700
Vulnerability from cvelistv5
Published
2020-05-04 20:03
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700 | x_refsource_CONFIRM | |
https://www.samba.org/samba/security/CVE-2020-10700.html | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/ | vendor-advisory, x_refsource_FEDORA | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202007-15 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html | vendor-advisory, x_refsource_SUSE |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:11.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2020-10700.html" }, { "name": "FEDORA-2020-c931060ab7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/" }, { "name": "FEDORA-2020-e244c98af5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/" }, { "name": "FEDORA-2020-9cf0b1c8f1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/" }, { "name": "openSUSE-SU-2020:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html" }, { "name": "GLSA-202007-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-15" }, { "name": "openSUSE-SU-2020:1313", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "All versions before 4.10.15" }, { "status": "affected", "version": "All versions before 4.11.8" }, { "status": "affected", "version": "All versions before 4.12.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the way samba AD DC LDAP servers, handled \u0027Paged Results\u0027 control is combined with the \u0027ASQ\u0027 control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-01T17:06:40", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.samba.org/samba/security/CVE-2020-10700.html" }, { "name": "FEDORA-2020-c931060ab7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/" }, { "name": "FEDORA-2020-e244c98af5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/" }, { "name": "FEDORA-2020-9cf0b1c8f1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/" }, { "name": "openSUSE-SU-2020:1023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html" }, { "name": "GLSA-202007-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-15" }, { "name": "openSUSE-SU-2020:1313", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10700", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "samba", "version": { "version_data": [ { "version_value": "All versions before 4.10.15" }, { "version_value": "All versions before 4.11.8" }, { "version_value": "All versions before 4.12.2" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free flaw was found in the way samba AD DC LDAP servers, handled \u0027Paged Results\u0027 control is combined with the \u0027ASQ\u0027 control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.3/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10700" }, { "name": "https://www.samba.org/samba/security/CVE-2020-10700.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2020-10700.html" }, { "name": "FEDORA-2020-c931060ab7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WG54NRMES2GTURZKZH6H4BGXCD3OMJDJ/" }, { "name": "FEDORA-2020-e244c98af5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4/" }, { "name": "FEDORA-2020-9cf0b1c8f1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE/" }, { "name": "openSUSE-SU-2020:1023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html" }, { "name": "GLSA-202007-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-15" }, { "name": "openSUSE-SU-2020:1313", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10700", "datePublished": "2020-05-04T20:03:50", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:06:11.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }