CVE-2019-14861 — Incorrect Default Permissions in Samba
Severity
5.3MEDIUMNVD
EPSS
5.0%
top 10.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 10
Latest updateMay 24
Description
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively …
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5red_hat/sambaall versions 4.10.x before 4.10.11, all versions 4.11.x before 4.11.3, all versions 4.x.x before 4.9.17+2
Also affects: Debian Linux 9.0, Fedora 30, 31, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10
🔴Vulnerability Details
5📋Vendor Advisories
4💬Community
2Bugzilla▶
CVE-2019-14861 samba: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name [fedora-all]↗2019-12-10
Bugzilla▶
CVE-2019-14861 samba: An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name↗2019-12-02