Errata ALT-PU-2019-3324-1: Information
Fixes
Published: Dec. 10, 2019
BDU:2021-01694
Уязвимость компонента DCE/RPC DNS программного обеспечения для общения с сетевыми дисками Samba, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Dec. 10, 2019
BDU:2021-01743
Уязвимость пакета программ сетевого взаимодействия Samba, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность
Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Links:
Published: Dec. 11, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.samba.org/samba/security/CVE-2019-14861.html
- https://security.netapp.com/advisory/ntap-20191210-0002/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
- USN-4217-1
- USN-4217-2
- https://www.synology.com/security/advisory/Synology_SA_19_40
- openSUSE-SU-2019:2700
- GLSA-202003-52
- [debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update
- FEDORA-2019-be98a08835
- FEDORA-2019-11dddb785b
Published: Dec. 11, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-14870
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.
Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Links:
- https://www.samba.org/samba/security/CVE-2019-14870.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14870
- https://security.netapp.com/advisory/ntap-20191210-0002/
- USN-4217-1
- USN-4217-2
- https://www.synology.com/security/advisory/Synology_SA_19_40
- openSUSE-SU-2019:2700
- GLSA-202003-52
- [debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update
- [debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update
- https://security.netapp.com/advisory/ntap-20230216-0008/
- GLSA-202310-06
- FEDORA-2019-be98a08835
- FEDORA-2019-11dddb785b