CVE-2019-14870 — Improper Authorization in Samba
Severity: 5.4 MEDIUM (NVD); 5.3 (OSV)
EPSS: 4.7% (top 10.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 10; latest update Nov 15
Description
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwarda…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5
Affected Packages (6 packages)
CVE List V5, red_hat/samba: all versions 4.10.x before 4.10.11, all versions 4.11.x before 4.11.3, all versions 4.x.x before 4.9.17
Also affects: Debian Linux 9.0, 10.0; Fedora 30, 31; Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10
Bugzilla
CVE-2019-14870 samba: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC [fedora-all] (2019-12-10)
CVE-2019-14870 samba: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC (2019-12-02)