CVE-2019-14907

EPSS 8.97%
Veröffentlicht 21.01.2020 18:15:12
Zuletzt bearbeitet 14.01.2025 19:29:55
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 4.9.0 < 4.9.18

Samba ≫ Samba Version >= 4.10.0 < 4.10.12

Samba ≫ Samba Version >= 4.11.0 < 4.11.5

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Redhat ≫ Storage Version3.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Canonical ≫ Ubuntu Linux Version19.10

Synology ≫ Directory Server Version-

Synology ≫ Router Manager Version1.2

Synology ≫ Skynas Version-

Synology ≫ Diskstation Manager Version6.2

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.97%	0.923

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H