CVE-2019-14861

 

Published at: - 11-12-2019 12:15

Last modified: - 30-01-2023 08:56

Total changes: - 3

Description

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://www.samba.org/samba/security/CVE-2019-14861.html
• https://security.netapp.com/advisory/ntap-20191210-0002/
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
• USN-4217-1-Third Party Advisory
• USN-4217-2-Third Party Advisory
• FEDORA-2019-be98a08835-Third Party Advisory
• https://www.synology.com/security/advisory/Synology_SA_19_40
• openSUSE-SU-2019:2700-Mailing List, Third Party Advisory
• FEDORA-2019-11dddb785b-Third Party Advisory
• GLSA-202003-52-Third Party Advisory
• [debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2019-14861

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures