Vulnerabilities > CVE-2019-14847 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
samba
opensuse
fedoraproject
CWE-476
nessus

Summary

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

Vulnerable Configurations

Part Description Count
Application
Samba
217
OS
Opensuse
1
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2547.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131821
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131821
    titleEulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131821);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2019-10218",
        "CVE-2019-14833",
        "CVE-2019-14847"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the samba packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - A flaw was found in the samba client, all samba
        versions before samba 4.11.2, 4.10.10 and 4.9.15, where
        a malicious server can supply a pathname to the client
        with separators. This could allow the client to access
        files and folders outside of the SMB network pathnames.
        An attacker could use this vulnerability to create
        files outside of the current working directory using
        the privileges of the client user.(CVE-2019-10218)
    
      - A flaw was found in Samba, all versions starting samba
        4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2,
        in the way it handles a user password change or a new
        password for a samba user. The Samba Active Directory
        Domain Controller can be configured to use a custom
        script to check for password complexity. This
        configuration can fail to verify password complexity
        when non-ASCII characters are used in the password,
        which could lead to weak passwords being set for samba
        users, making it vulnerable to dictionary
        attacks.(CVE-2019-14833)
    
      - A flaw was found in samba 4.0.0 before samba 4.9.15 and
        samba 4.10.x before 4.10.10. An attacker can crash AD
        DC LDAP server via dirsync resulting in denial of
        service. Privilege escalation is not possible with this
        issue.(CVE-2019-14847)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2547
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bab6fc12");
      script_set_attribute(attribute:"solution", value:
    "Update the affected samba packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libsmbclient-4.7.1-9.h13.eulerosv2r7",
            "libwbclient-4.7.1-9.h13.eulerosv2r7",
            "samba-4.7.1-9.h13.eulerosv2r7",
            "samba-client-4.7.1-9.h13.eulerosv2r7",
            "samba-client-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-common-4.7.1-9.h13.eulerosv2r7",
            "samba-common-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-common-tools-4.7.1-9.h13.eulerosv2r7",
            "samba-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-python-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-clients-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-modules-4.7.1-9.h13.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-703E299870.NASL
    descriptionUpdate to Samba 4.9.15 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131040
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131040
    titleFedora 29 : 2:samba (2019-703e299870)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-703e299870.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131040);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847");
      script_xref(name:"FEDORA", value:"2019-703e299870");
    
      script_name(english:"Fedora 29 : 2:samba (2019-703e299870)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to Samba 4.9.15 - Security fixes for CVE-2019-10218,
    CVE-2019-14833, CVE-2019-14847
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-703e299870"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:samba package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"samba-4.9.15-0.fc29", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_50A1BBC9FB8011E99E70005056A311D1.NASL
    descriptionThe samba project reports : Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string. Users with the
    last seen2020-06-01
    modified2020-06-02
    plugin id130439
    published2019-11-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130439
    titleFreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130439);
      script_version("1.7");
      script_cvs_date("Date: 2019/12/17");
    
      script_cve_id("CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847");
    
      script_name(english:"FreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The samba project reports :
    
    Malicious servers can cause Samba client code to return filenames
    containing path separators to calling code.
    
    When the password contains multi-byte (non-ASCII) characters, the
    check password script does not receive the full password string.
    
    Users with the 'get changes' extended access right can crash the AD DC
    LDAP server by requesting an attribute using the range= syntax."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2019-10218.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2019-14833.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2019-14847.html"
      );
      # https://vuxml.freebsd.org/freebsd/50a1bbc9-fb80-11e9-9e70-005056a311d1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7c42ce88"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba410");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba411");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba48");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"samba48<=4.8.12")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"samba410<4.10.10")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"samba411<4.11.2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2303.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-27
    plugin id131369
    published2019-11-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131369
    titleEulerOS 2.0 SP8 : samba (EulerOS-SA-2019-2303)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2442.NASL
    descriptionThis update for provides the following fixes : Following security issues were fixed : - CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130581
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130581
    titleopenSUSE Security Update : samba (openSUSE-2019-2442)
  • NASL familyMisc.
    NASL idSAMBA_CVE-2019-14847.NASL
    descriptionThe version of Samba running on the remote host is 4.x prior to 4.9.15, or 4.10.x prior to 4.10.10. It is, therefore, affected by a AD DC LDAP server denial of service vulnerability. An authenticated attacker with
    last seen2020-06-01
    modified2020-06-02
    plugin id130629
    published2019-11-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130629
    titleSamba 4.x < 4.9.15 / 4.10.x < 4.10.10 AD DC LDAP Server Denial of Service (CVE-2019-14847)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1231.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134520
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134520
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4167-1.NASL
    descriptionMichael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Bjorn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with
    last seen2020-06-01
    modified2020-06-02
    plugin id130392
    published2019-10-30
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130392
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : samba vulnerabilities (USN-4167-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2458.NASL
    descriptionThis update for samba fixes the following issues : Security issues fixed : - CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130889
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130889
    titleopenSUSE Security Update : samba (openSUSE-2019-2458)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1270.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134736
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134736
    titleEulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2020-1270)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2866-1.NASL
    descriptionThis update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130425
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130425
    titleSUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2868-1.NASL
    descriptionThis update for samba fixes the following issues : Security issues fixed : CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130426
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130426
    titleSUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2868-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1040.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation
    last seen2020-06-01
    modified2020-06-02
    plugin id132794
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132794
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : samba (EulerOS-SA-2020-1040)