Vulnerability Details : CVE-2019-14861
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue in the (poorly named) dnsserver RPC pipe, which provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used, for example, to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2(), and so into following invalid memory as a pointer.
Products affected by CVE-2019-14861
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Threat overview for CVE-2019-14861
- Top open port discovered on systems with this issue: 445
- IPs affected by CVE-2019-14861: 187,948
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-14861
- EPSS score: 1.01% (probability of exploitation activity in the next 30 days)
- Percentile: ~84% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-14861
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P | 6.8 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 | Red Hat, Inc. | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 | NIST | |
CWE ids for CVE-2019-14861
- During installation, installed file permissions are set to allow anyone to modify those files.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - secalert@redhat.com (Primary)
References for CVE-2019-14861
- https://usn.ubuntu.com/4217-2/
  USN-4217-2: Samba vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20191210-0002/
  December 2019 Samba Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://security.gentoo.org/glsa/202003-52
  Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo security (Third Party Advisory)
- https://www.synology.com/security/advisory/Synology_SA_19_40
  Synology Inc. (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
  [SECURITY] Fedora 30 Update: samba-4.10.11-0.fc30 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- https://usn.ubuntu.com/4217-1/
  USN-4217-1: Samba vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://www.samba.org/samba/security/CVE-2019-14861.html
  (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
  1778586 – (CVE-2019-14861) CVE-2019-14861 samba: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name (Issue Tracking; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
  [SECURITY] Fedora 31 Update: samba-4.11.3-0.fc31 - package-announce - Fedora Mailing-Lists
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
  [SECURITY] [DLA 2668-1] samba security update (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
  [SECURITY] Fedora 30 Update: samba-4.10.11-0.fc30 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
  [SECURITY] Fedora 31 Update: samba-4.11.3-0.fc31 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
  [security-announce] openSUSE-SU-2019:2700-1: important: Security update (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2024/06/24/3
  oss-security - Re: Out-of-bounds read & write in the glibc's qsort()