The Samba-Bugzilla – Attachment 15739 Details for Bug 14050: [SECURITY] CVE-2019-19344 server crash with dns zone scavenging = yes
Updated advisory with version numbers
CVE-2019-14907-charcnv-advisory-02.txt (text/plain), 1.88 KB, created by Karolin Seeger on 2020-01-17 09:05:06 UTC
>===========================================================
>== Subject:     Crash after failed character conversion at
>==              log level 3 or above
>==
>== CVE ID#:     CVE-2019-14907
>==
>== Versions:    Samba 4.0 and later versions
>==
>== Summary:     When processing untrusted string input Samba
>==              can read past the end of the allocated buffer
>==              when printing a "Conversion error" message
>==              to the logs.
>==
>===========================================================
>
>===========
>Description
>===========
>
>If samba is set with "log level = 3" (or above) then the string
>obtained from the client, after a failed character conversion, is
>printed. Such strings can be provided during the NTLMSSP
>authentication exchange.
>
>In the Samba AD DC in particular, this may cause a long-lived process
>(such as the RPC server) to terminate. (In the file server case, the
>most likely target, smbd, operates as process-per-client and so a
>crash there is harmless).
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba 4.11.5, 4.10.12 and 4.9.18 have been issued
>as security releases to correct the defect. Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (6.5)
>
>==========
>Workaround
>==========
>
>Do not set a log level of 3 or above in production.
>
>=======
>Credits
>=======
>
>Originally reported by Robert Święcki using a fuzzer he wrote.
>
>Patches provided by Andrew Bartlett of the Samba team and Catalyst.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
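The workaround in the advisory above can be checked mechanically. The following Python sketch is an added example, not part of the Samba advisory or of Samba's code: it scans smb.conf text for `log level` (or its `debuglevel` synonym) and reports every global or per-class level of 3 or above. Assumptions: per-class levels are treated as in scope to stay conservative, `SAMPLE` is constructed input, and `include` directives and debug levels set on the command line are not seen.

```python
import re

THRESHOLD = 3  # advisory workaround: no log level of 3 or above in production

# Constructed sample smb.conf, not taken from any real system.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    ; log level = 10
    log level = 1 auth:5 \\
        winbind:2
[share]
    path = /srv/share
"""

def log_levels(conf_text):
    """Yield (section, debug_class, level) for every log level setting found."""
    section, pending = "global", ""   # parsing starts in the global section
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):       # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # Parameter names ignore case and spaces; "debuglevel" is a synonym.
        if not sep or "".join(name.split()).lower() not in ("loglevel", "debuglevel"):
            continue
        for token in re.split(r"[\s,]+", value.strip()):
            token = token.split("@", 1)[0]    # drop a per-class log file suffix
            cls, colon, num = token.rpartition(":")
            if num.isdigit():
                yield section, (cls if colon else "all"), int(num)

def risky_settings(conf_text):
    """Return the settings at or above THRESHOLD (per-class ones included)."""
    return [s for s in log_levels(conf_text) if s[2] >= THRESHOLD]

if __name__ == "__main__":
    for section, cls, level in risky_settings(SAMPLE):
        print(f"[{section}] log level {cls}:{level} is >= {THRESHOLD}")
```

On a live server, `testparm -s` prints the effective configuration and its output can be fed to the same function.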