CVE-2019-14861

Published: Dic 10, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-5980 Aliases: GSD-2019-14861
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
LOW 3,5
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0165
Percentile
0,8th
Updated

EPSS Score Trend (Last 91 Days)

276

Incorrect Default Permissions

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity
Potential Impacts:
Read Application Data Modify Application Data
Applicable Platforms
Technologies: Not Technology-Specific, ICS/OT
Likelihood of Exploit: Medium
View CWE Details
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Samba by Samba

Product Information
Vendor Samba
Product Samba
Version Range Affected
From 4.0.0 (inclusive)
To 4.9.17 (exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Samba by Samba

Product Information
Vendor Samba
Product Samba
Version Range Affected
From 4.11.0 (inclusive)
To 4.11.3 (exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Leap by Opensuse

Product Information
Vendor Opensuse
Product Leap
Version 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Samba by Samba

Product Information
Vendor Samba
Product Samba
Version Range Affected
From 4.10.0 (inclusive)
To 4.10.11 (exclusive)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://lists.opensuse.org/opensuse-security-announce/2019-1…
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
https://lists.debian.org/debian-lts-announce/2021/05/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.gentoo.org/glsa/202003-52
Third Party Advisory
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20191210-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191210-0002/
https://usn.ubuntu.com/4217-1/
Third Party Advisory
https://usn.ubuntu.com/4217-1/
https://usn.ubuntu.com/4217-2/
Third Party Advisory
https://usn.ubuntu.com/4217-2/
https://www.samba.org/samba/security/CVE-2019-14861.html
Vendor Advisory
https://www.samba.org/samba/security/CVE-2019-14861.html
https://www.synology.com/security/advisory/Synology_SA_19_40
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_40
http://www.openwall.com/lists/oss-security/2024/06/24/3
http://www.openwall.com/lists/oss-security/2024/06/24/3
http://lists.opensuse.org/opensuse-security-announce/2019-1…
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
https://lists.debian.org/debian-lts-announce/2021/05/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.gentoo.org/glsa/202003-52
Third Party Advisory
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20191210-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191210-0002/
https://usn.ubuntu.com/4217-1/
Third Party Advisory
https://usn.ubuntu.com/4217-1/
https://usn.ubuntu.com/4217-2/
Third Party Advisory
https://usn.ubuntu.com/4217-2/
https://www.samba.org/samba/security/CVE-2019-14861.html
Vendor Advisory
https://www.samba.org/samba/security/CVE-2019-14861.html
https://www.synology.com/security/advisory/Synology_SA_19_40
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_40
http://www.openwall.com/lists/oss-security/2024/06/24/3
http://www.openwall.com/lists/oss-security/2024/06/24/3