CVE-2019-14902: Improper Access Control in Samba

Severity: 5.4 MEDIUM (NVD)
EPSS: 3.5% (top 12.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 21 | Latest update May 24

Description

There is an issue in all Samba 4.11.x versions before 4.11.5, all Samba 4.10.x versions before 4.10.12 and all Samba 4.9.x versions before 4.9.18, where removing the right to create or modify a subtree would not automatically take that right away on all domain controllers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (4 packages)

NVD | samba/samba | 4.0.0 | 4.9.18 | +2
Debian | samba/samba | < 2:4.11.5+dfsg-1 | +3
Ubuntu | samba/samba | < 2:4.3.11+dfsg-0ubuntu0.16.04.25 | +1
NVD | opensuse/leap | 15.1

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 19.04, 19.10

🔴 Vulnerability Details (4)

GHSA | GHSA-h5p3-7352-mh38: There is an issue in all samba 4 | 2022-05-24
OSV | CVE-2019-14902: There is an issue in all samba 4 | 2020-01-21
CVEList | CVE-2019-14902: There is an issue in all samba 4 | 2020-01-21
OSV | samba vulnerabilities | 2020-01-21

📋 Vendor Advisories (3)

Ubuntu | Samba vulnerabilities | 2020-01-21
Red Hat | samba: Replication of ACLs set to inherit down a subtree on AD Directory not automatic | 2020-01-21
Debian | CVE-2019-14902: samba - There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x v... | 2019

💬 Community (2)

Bugzilla | CVE-2019-14902 samba: Replication of ACLs set to inherit down a subtree on AD Directory not automatic [fedora-all] | 2020-01-21
Bugzilla | CVE-2019-14902 samba: Replication of ACLs set to inherit down a subtree on AD Directory not automatic | 2020-01-15