Korean
<< Back
VID 23308
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.9.x prior to 4.9.18. It is, therefore, affected by multiple vulnerabilities:

- An issue exists with ACL inheritance due to added or removed delegated rights not being inherited across domain controllers. An authenticated, remote attacker can exploit this to create or remove a subtree when the permission should have been removed from the user. (CVE-2019-14902)

- A denial of service (DoS) vulnerability exists due to Samba incorrectly converting characters printed during the NTLMSSP exchange when the log level is set to 3. An authenticated, remote attacker can exploit this issue, to cause some long-lived processes like the RPC server to stop responding. (CVE-2019-14907)

- A use-after-free error exists in the code used to 'tombstone' dynamically created DNS records that have reached their expiry time, due to an improper realloc() call. An authenticated, remote attacker may be able to exploit this to cause read memory to be written to the DB. (CVE-2019-19344)

* References:
https://www.samba.org/samba/security/CVE-2019-14902.html
https://www.samba.org/samba/security/CVE-2019-14907.html
https://www.samba.org/samba/security/CVE-2019-19344.html

* Platforms Affected:
Samba Project, Samba versions 4.9.x before 4.9.18
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba 4.9.18 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2019-14902,CVE-2019-14907,CVE-2019-19344 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)