Уязвимость CVE-2019-14861: Информация

Описание

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

Важность: MEDIUM (5,3) Вектор: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-14861
Опубликовано: 11 декабря 2019 г.
Изменено: 7 ноября 2023 г.
Идентификатор типа ошибки: CWE-276

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
sambasisyphus4.10.11-alt14.20.1-alt1ALT-PU-2019-3315-1242980Исправлено
sambap104.10.11-alt14.19.6-alt1ALT-PU-2019-3315-1242980Исправлено
sambap94.10.11-alt14.14.10-alt2ALT-PU-2019-3404-1242985Исправлено
sambap84.9.17-alt14.9.18-alt1ALT-PU-2019-3323-1242978Исправлено
sambac10f14.10.11-alt14.16.11-alt2ALT-PU-2019-3315-1242980Исправлено
sambac9f24.10.11-alt14.14.14-alt0.c9.1ALT-PU-2019-3404-1242985Исправлено
samba-DCp84.9.17-alt14.9.18-alt1ALT-PU-2019-3324-1242978Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://www.samba.org/samba/security/CVE-2019-14861.html
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20191210-0002/
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
  • Issue Tracking
  • Third Party Advisory
USN-4217-1
  • Third Party Advisory
USN-4217-2
  • Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_40
  • Third Party Advisory
openSUSE-SU-2019:2700
  • Mailing List
  • Third Party Advisory
GLSA-202003-52
  • Third Party Advisory
[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update
  • Mailing List
  • Third Party Advisory
FEDORA-2019-be98a08835
    FEDORA-2019-11dddb785b

        1. Конфигурация 1

          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.10.0
          End excliding
          4.10.11
          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.11.0
          End excliding
          4.11.3
          cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
          Start including
          4.0.0
          End excliding
          4.9.17

          Конфигурация 2

          cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

          Конфигурация 3

          cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

          Конфигурация 4

          cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

          Конфигурация 5

          cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Версия: v24.5.0
      Наверх