{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-14907", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-05T00:34:52.321Z", "dateReserved": "2019-08-10T00:00:00", "datePublished": "2020-01-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-14T16:06:16.214931"}, "descriptions": [{"lang": "en", "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."}], "affected": [{"vendor": "Red Hat", "product": "samba", "versions": [{"version": "All versions 4.11.x before 4.11.5", "status": "affected"}, {"version": "All versions 4.10.x before 4.10.12", "status": "affected"}, {"version": "All versions 4.9.x before 4.9.18", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907"}, {"url": "https://www.samba.org/samba/security/CVE-2019-14907.html"}, {"url": "https://security.netapp.com/advisory/ntap-20200122-0001/"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_20_01"}, {"name": "USN-4244-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4244-1/"}, {"name": "openSUSE-SU-2020:0122", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"}, {"name": "FEDORA-2020-6bd386c7eb", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"}, {"name": "FEDORA-2020-f92cd0e72b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-125", "cweId": "CWE-125"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:52.321Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2019-14907.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20200122-0001/", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_20_01", "tags": ["x_transferred"]}, {"name": "USN-4244-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4244-1/"}, {"name": "openSUSE-SU-2020:0122", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"}, {"name": "FEDORA-2020-6bd386c7eb", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"}, {"name": "FEDORA-2020-f92cd0e72b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "90EC6BC6-BE25-4A68-852D-B58BCA1A6624", "versionEndExcluding": "4.9.18", "versionStartIncluding": "4.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7487A1D-2694-41FC-895C-4679A6595EBE", "versionEndExcluding": "4.10.12", "versionStartIncluding": "4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "B316BA8C-6822-49AA-8198-52E779B717DF", "versionEndExcluding": "4.11.5", "versionStartIncluding": "4.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "83512426-0B96-43E2-AFBA-592B25E61676", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "022A0BC6-2C70-406D-8D60-EC6F9F6A90CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "85F6D2BF-23EA-4D44-8126-64EA85184D38", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)."}, {"lang": "es", "value": "Todas las versiones de samba 4.9.x anteriores a 4.9.18, 4.10.x anteriores a 4.10.12 y 4.11.x anteriores a 4.11.5, presentan un problema donde si se configura con \"log level = 3\" (o superior), la cadena obtenida desde el cliente, luego de una conversi\u00f3n de caracteres fallida, es impresa. Tales cadenas pueden ser proporcionadas durante el intercambio de autenticaci\u00f3n NTLMSSP. En particular, en el AD DC de Samba esto puede causar que un proceso de larga duraci\u00f3n (tal y como el servidor RPC) finalice. (En el caso del servidor de archivos, el objetivo m\u00e1s probable, smbd, opera como un proceso por cliente, por lo que un bloqueo all\u00ed es inofensivo)."}], "id": "CVE-2019-14907", "lastModified": "2023-11-07T03:05:22.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-01-21T18:15:12.717", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-52"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200122-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4244-1/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2019-14907.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_20_01"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Robert \u015awi\u0119cki as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:3981", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.10.16-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "openchange-0:2.3-24.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.11.2-13.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openchange-0:2.3-24.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.11.2-13.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:0943", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "libtalloc-0:2.2.0-9.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0943", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "libtdb-0:1.4.2-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0943", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "libtevent-0:0.10.0-4.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0943", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "samba-0:4.11.6-104.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2020-03-23T00:00:00Z"}], "bugzilla": {"description": "samba: Crash after failed character conversion at log level 3 or above", "id": "1791207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791207"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).", "A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "Do not set a log level of 3 or above in production."}, "name": "CVE-2019-14907", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2020-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14907\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14907\nhttps://www.samba.org/samba/security/CVE-2019-14907.html"], "threat_severity": "Moderate", "upstream_fix": "samba 4.11.5, samba 4.10.12, samba 4.9.18"}