usn-4244-1
Vulnerability from osv_ubuntu
Published
2020-01-21 12:59
Modified
2026-04-27 14:11
Summary
samba vulnerabilities
Details

It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14902)

Robert Święcki discovered that Samba incorrectly handled certain character conversions when the log level is set to 3 or above. In certain environments, a remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2019-14907)

Christian Naumer discovered that Samba incorrectly handled DNS zone scavenging. This issue could possibly result in some incorrect data being written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2019-14907",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "ctdb",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "libnss-winbind",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "libpam-winbind",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "libparse-pidl-perl",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "libsmbclient",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "libwbclient0",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "python-samba",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "registry-tools",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-common",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-common-bin",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-dsdb-modules",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-libs",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-testsuite",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "samba-vfs-modules",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "smbclient",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          },
          {
            "binary_name": "winbind",
            "binary_version": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "samba",
        "purl": "pkg:deb/ubuntu/samba@2:4.3.11+dfsg-0ubuntu0.16.04.25?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.3.11+dfsg-0ubuntu0.16.04.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:4.1.17+dfsg-4ubuntu2",
        "2:4.1.20+dfsg-1ubuntu1",
        "2:4.1.20+dfsg-1ubuntu2",
        "2:4.1.20+dfsg-1ubuntu3",
        "2:4.1.20+dfsg-1ubuntu5",
        "2:4.3.3+dfsg-1ubuntu1",
        "2:4.3.3+dfsg-1ubuntu2",
        "2:4.3.3+dfsg-1ubuntu3",
        "2:4.3.6+dfsg-1ubuntu1",
        "2:4.3.8+dfsg-0ubuntu1",
        "2:4.3.9+dfsg-0ubuntu0.16.04.1",
        "2:4.3.9+dfsg-0ubuntu0.16.04.2",
        "2:4.3.9+dfsg-0ubuntu0.16.04.3",
        "2:4.3.11+dfsg-0ubuntu0.16.04.1",
        "2:4.3.11+dfsg-0ubuntu0.16.04.3",
        "2:4.3.11+dfsg-0ubuntu0.16.04.5",
        "2:4.3.11+dfsg-0ubuntu0.16.04.6",
        "2:4.3.11+dfsg-0ubuntu0.16.04.7",
        "2:4.3.11+dfsg-0ubuntu0.16.04.8",
        "2:4.3.11+dfsg-0ubuntu0.16.04.9",
        "2:4.3.11+dfsg-0ubuntu0.16.04.10",
        "2:4.3.11+dfsg-0ubuntu0.16.04.11",
        "2:4.3.11+dfsg-0ubuntu0.16.04.12",
        "2:4.3.11+dfsg-0ubuntu0.16.04.13",
        "2:4.3.11+dfsg-0ubuntu0.16.04.15",
        "2:4.3.11+dfsg-0ubuntu0.16.04.16",
        "2:4.3.11+dfsg-0ubuntu0.16.04.17",
        "2:4.3.11+dfsg-0ubuntu0.16.04.18",
        "2:4.3.11+dfsg-0ubuntu0.16.04.19",
        "2:4.3.11+dfsg-0ubuntu0.16.04.20",
        "2:4.3.11+dfsg-0ubuntu0.16.04.21",
        "2:4.3.11+dfsg-0ubuntu0.16.04.23",
        "2:4.3.11+dfsg-0ubuntu0.16.04.24"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2019-14902",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-14907",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "ctdb",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "libnss-winbind",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "libpam-winbind",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "libparse-pidl-perl",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "libsmbclient",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "libwbclient0",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "python-samba",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "registry-tools",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-common",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-common-bin",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-dsdb-modules",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-libs",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-testsuite",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "samba-vfs-modules",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "smbclient",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          },
          {
            "binary_name": "winbind",
            "binary_version": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:18.04:LTS",
        "name": "samba",
        "purl": "pkg:deb/ubuntu/samba@2:4.7.6+dfsg~ubuntu-0ubuntu2.15?arch=source\u0026distro=bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:4.7.6+dfsg~ubuntu-0ubuntu2.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2:4.6.7+dfsg-1ubuntu3",
        "2:4.7.1+dfsg-1ubuntu1",
        "2:4.7.3+dfsg-1ubuntu1",
        "2:4.7.4+dfsg-1ubuntu1",
        "2:4.7.6+dfsg~ubuntu-0ubuntu1",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.2",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.4",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.5",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.6",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.7",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.9",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.10",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.11",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.13",
        "2:4.7.6+dfsg~ubuntu-0ubuntu2.14"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that Samba did not automatically replicate ACLs set to\ninherit down a subtree on AD Directory, contrary to expectations. This\nissue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu\n19.10. (CVE-2019-14902)\n\nRobert \u015awi\u0119cki discovered that Samba incorrectly handled certain character\nconversions when the log level is set to 3 or above. In certain\nenvironments, a remote attacker could possibly use this issue to cause\nSamba to crash, resulting in a denial of service. (CVE-2019-14907)\n\nChristian Naumer discovered that Samba incorrectly handled DNS zone\nscavenging. This issue could possibly result in some incorrect data being\nwritten to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu\n19.10. (CVE-2019-19344)\n",
  "id": "USN-4244-1",
  "modified": "2026-04-27T14:11:25Z",
  "published": "2020-01-21T12:59:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-4244-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-14902"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-14907"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-19344"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "samba vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2019-14902",
    "UBUNTU-CVE-2019-14907",
    "UBUNTU-CVE-2019-19344"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…