{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-14861", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T00:26:39.136Z", "dateReserved": "2019-08-10T00:00:00", "datePublished": "2019-12-10T22:19:05"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-06-25T01:05:54.054469"}, "descriptions": [{"lang": "en", "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."}], "affected": [{"vendor": "Red Hat", "product": "samba", "versions": [{"version": "all versions 4.11.x before 4.11.3", "status": "affected"}, {"version": "all versions 4.10.x before 4.10.11", "status": "affected"}, {"version": "all versions 4.x.x before 4.9.17", "status": "affected"}]}], "references": [{"name": "USN-4217-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4217-1/"}, {"name": "USN-4217-2", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4217-2/"}, {"name": "FEDORA-2019-be98a08835", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"}, {"name": "openSUSE-SU-2019:2700", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"}, {"name": "FEDORA-2019-11dddb785b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"}, {"url": "https://security.netapp.com/advisory/ntap-20191210-0002/"}, {"url": "https://www.samba.org/samba/security/CVE-2019-14861.html"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_40"}, {"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"name": "[oss-security] 20240625 Re: Out-of-bounds read & write in the glibc's qsort()", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276", "cweId": "CWE-276"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T15:36:30.362174Z", "id": "CVE-2019-14861", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:37:11.263Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.136Z"}, "title": "CVE Program Container", "references": [{"name": "USN-4217-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4217-1/"}, {"name": "USN-4217-2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4217-2/"}, {"name": "FEDORA-2019-be98a08835", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"}, {"name": "openSUSE-SU-2019:2700", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"}, {"name": "FEDORA-2019-11dddb785b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20191210-0002/", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2019-14861.html", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_40", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"name": "[oss-security] 20240625 Re: Out-of-bounds read & write in the glibc's qsort()", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://usn.ubuntu.com/4217-1/", "name": "USN-4217-1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4217-2/", "name": "USN-4217-2", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/", "name": "FEDORA-2019-be98a08835", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html", "name": "openSUSE-SU-2019:2700", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/", "name": "FEDORA-2019-11dddb785b", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202003-52", "name": "GLSA-202003-52", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20191210-0002/", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2019-14861.html", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_40", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html", "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/24/3", "name": "[oss-security] 20240625 Re: Out-of-bounds read & write in the glibc's qsort()", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.136Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-14861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-25T15:36:30.362174Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:37:01.074Z"}}], "cna": {"metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Red Hat", "product": "samba", "versions": [{"status": "affected", "version": "all versions 4.11.x before 4.11.3"}, {"status": "affected", "version": "all versions 4.10.x before 4.10.11"}, {"status": "affected", "version": "all versions 4.x.x before 4.9.17"}]}], "references": [{"url": "https://usn.ubuntu.com/4217-1/", "name": "USN-4217-1", "tags": ["vendor-advisory"]}, {"url": "https://usn.ubuntu.com/4217-2/", "name": "USN-4217-2", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/", "name": "FEDORA-2019-be98a08835", "tags": ["vendor-advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html", "name": "openSUSE-SU-2019:2700", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/", "name": "FEDORA-2019-11dddb785b", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202003-52", "name": "GLSA-202003-52", "tags": ["vendor-advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"}, {"url": "https://security.netapp.com/advisory/ntap-20191210-0002/"}, {"url": "https://www.samba.org/samba/security/CVE-2019-14861.html"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_40"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html", "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/24/3", "name": "[oss-security] 20240625 Re: Out-of-bounds read & write in the glibc's qsort()", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-06-25T01:05:54.054469"}}}, "cveMetadata": {"cveId": "CVE-2019-14861", "state": "PUBLISHED", "dateUpdated": "2024-08-05T00:26:39.136Z", "dateReserved": "2019-08-10T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2019-12-10T22:19:05", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "26C10D91-8EB3-4869-9C66-B73EF3A4F270", "versionEndExcluding": "4.9.17", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA37AE3F-78AA-4807-8C66-7C197045D0F8", "versionEndExcluding": "4.10.11", "versionStartIncluding": "4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "776B9CDE-BF44-4A36-9C07-F0F71E66533D", "versionEndExcluding": "4.11.3", "versionStartIncluding": "4.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."}, {"lang": "es", "value": "Todas las versiones de Samba versiones 4.x.x anteriores a 4.9.17, versiones 4.10.x anteriores a 4.10.11 y versiones 4.11.x anteriores a 4.11.3, presentan un problema en el que la tuber\u00eda RPC dnsserver (pobremente nombrada) provee instalaciones administrativas para modificar registros y zonas DNS. Samba, cuando act\u00faa como AD DC, almacena registros DNS en LDAP. En AD, los permisos predeterminados en la partici\u00f3n DNS permiten la creaci\u00f3n de nuevos registros por parte de usuarios autenticados. Esto es usado, por ejemplo, para permitir que las m\u00e1quinas se registren autom\u00e1ticamente en DNS. Si un registro DNS fue creado que no distingue entre may\u00fasculas y min\u00fasculas el nombre de la zona, las rutinas ldb_qsort() y dns_name_compare() podr\u00edan ser confundidas en la memoria de lectura antes de la lista de entradas DNS al responder a la funci\u00f3n DnssrvEnumRecords() o DnssrvEnumRecords2() y entonces seguir la memoria inv\u00e1lida como un puntero."}], "id": "CVE-2019-14861", "lastModified": "2024-11-21T04:27:31.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-10T23:15:10.360", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191210-0002/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4217-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4217-2/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2019-14861.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191210-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4217-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4217-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2019-14861.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_40"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Andreas Oster as the original reporter.", "bugzilla": {"description": "samba: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name", "id": "1778586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1778586"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-276", "details": ["All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."], "mitigation": {"lang": "en:us", "value": "The dnsserver task can be stopped by setting\n~~~\n'dcerpc endpoint servers = -dnsserver'\n~~~\nin the smb.conf and restarting Samba."}, "name": "CVE-2019-14861", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}], "public_date": "2019-12-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14861\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14861\nhttps://www.samba.org/samba/security/CVE-2019-14861.html"], "statement": "This flaw does not affect the version of samba shipped with Red Hat Enterprise Linux because there is no support for samba as Active Directory Domain Controller.", "threat_severity": "Moderate"}

{}