CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
78.5%
The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a ‘full-sync’ replication, ACLs could get out of sync between domain controllers (CVE-2019-14902). When processing untrusted string input Samba can read past the end of the allocated buffer when printing a “Conversion error” message to the logs. This can cause a crash after the failed character conversion when operating at log level 3 or above (CVE-2019-14907). During DNS zone scavenging (of expired dynamic entries) in a Samba AD DC, there is a read of memory after it has been freed (CVE-2019-19344). Note that manual intervention is required to fully implement the fix for CVE-2019-14902. See the upstream advisory for details.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | samba | < 4.10.12-1 | samba-4.10.12-1.mga7 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
78.5%