CVE-2019-14907

EPSS 8.97%
Published 21.01.2020 18:15:12
Last modified 14.01.2025 19:29:55
Source secalert@redhat.com
Teams watchlist Login
Open Login

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Affected products Warnungen 0 Metrics 4 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 4.9.0 < 4.9.18

Samba ≫ Samba Version >= 4.10.0 < 4.10.12

Samba ≫ Samba Version >= 4.11.0 < 4.11.5

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Redhat ≫ Storage Version3.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Canonical ≫ Ubuntu Linux Version19.10

Synology ≫ Directory Server Version-

Synology ≫ Router Manager Version1.2

Synology ≫ Skynas Version-

Synology ≫ Diskstation Manager Version6.2

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.97%	0.923

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H