6.4
CVE-2019-14870
- EPSS 2.78%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:33
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Canonical ≫ Ubuntu Linux Version19.10
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.78% | 0.845 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| secalert@redhat.com | 5.4 | 2.8 | 2.5 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://security.gentoo.org/glsa/202003-52
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
https://security.netapp.com/advisory/ntap-20191210-0002/
https://usn.ubuntu.com/4217-1/
https://usn.ubuntu.com/4217-2/
https://www.synology.com/security/advisory/Synology_SA_19_40
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870
https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
https://security.gentoo.org/glsa/202310-06
https://security.netapp.com/advisory/ntap-20230216-0008/
https://www.samba.org/samba/security/CVE-2019-14870.html