CVE-2019-14907
samba: Crash after failed character conversion at log level 3 or above
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Todas las versiones de samba 4.9.x anteriores a 4.9.18, 4.10.x anteriores a 4.10.12 y 4.11.x anteriores a 4.11.5, presentan un problema donde si se configura con "log level = 3" (o superior), la cadena obtenida desde el cliente, luego de una conversión de caracteres fallida, es impresa. Tales cadenas pueden ser proporcionadas durante el intercambio de autenticación NTLMSSP. En particular, en el AD DC de Samba esto puede causar que un proceso de larga duración (tal y como el servidor RPC) finalice. (En el caso del servidor de archivos, el objetivo más probable, smbd, opera como un proceso por cliente, por lo que un bloqueo allí es inofensivo).
A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2020-01-21 CVE Published
- 2024-05-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200122-0001 | Third Party Advisory |
|
| https://www.synology.com/security/advisory/Synology_SA_20_01 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.9.0 < 4.9.18 Search vendor "Samba" for product "Samba" and version " >= 4.9.0 < 4.9.18" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.10.0 < 4.10.12 Search vendor "Samba" for product "Samba" and version " >= 4.10.0 < 4.10.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.11.0 < 4.11.5 Search vendor "Samba" for product "Samba" and version " >= 4.11.0 < 4.11.5" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Storage Search vendor "Redhat" for product "Storage" | 3.0 Search vendor "Redhat" for product "Storage" and version "3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Directory Server Search vendor "Synology" for product "Directory Server" | - | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | 6.2 Search vendor "Synology" for product "Diskstation Manager" and version "6.2" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Router Manager Search vendor "Synology" for product "Router Manager" | 1.2 Search vendor "Synology" for product "Router Manager" and version "1.2" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Skynas Search vendor "Synology" for product "Skynas" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||