CVE-2020-10704
https://notcve.org/view.php?id=CVE-2020-10704
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. Se encontró un fallo cuando se usa samba como un Active Directory Domain Controller. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10704 https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5KW3ZO35NVDO57JSBZHTQZOS3AIQ5QE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7DVGCHG3XPIBQ5ETGMGW7MXNOO4HFH4 htt • CWE-674: Uncontrolled Recursion •
CVE-2019-14902
https://notcve.org/view.php?id=CVE-2019-14902
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. Se presenta un problema en todas las versiones 4.11.x anteriores a 4.11.5 de samba, todas las versiones 4.10.x anteriores a 4.10.12 de samba y todas las versiones 4.9.x anteriores a 4.9.18 de samba, donde la eliminación del derecho a crear o modificar un sub-árbol no sería quitado automáticamente en todos los controladores del dominio. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT https: • CWE-284: Improper Access Control •
CVE-2019-14861
https://notcve.org/view.php?id=CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html http://www.openwall.com/lists/oss-security/2024/06/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE https:/ • CWE-276: Incorrect Default Permissions •
CVE-2019-14870
https://notcve.org/view.php?id=CVE-2019-14870
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. Todas las versiones de Samba 4.xx anteriores a 4.9.17, versiones 4.10.x anteriores a 4.10.11 y versiones 4.11.x anteriores a 4.11.3, presentan un problema, donde el modelo de delegación de Kerberos S4U (MS-SFU) incluye una funcionalidad que permite a un subconjunto de clientes ser excluidos de la delegación restringida de cualquier manera, ya sea S4U2Self o autenticación Kerberos regular, al forzar que todos los tickets para estos clientes no sean reenviables. En AD, esto es implementado mediante un atributo de usuario delegation_not_allowed (también se conoce como no delegado), que se traduce como no permitido-reenviable. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE https: • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2019-10218 – samba: smb client vulnerable to filenames containing path separators
https://notcve.org/view.php?id=CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Se encontró un fallo en el cliente de samba, todas las versiones de samba anteriores a samba 4.11.2, 4.10.10 y 4.9.15, donde un servidor malicioso puede suministrar un nombre de ruta al cliente con separadores. Esto podría permitir al cliente acceder a archivos y carpetas fuera de los nombres de ruta de la red SMB. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •