SB2020012905 - OpenSUSE Linux update for samba 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020012905

SB2020012905 - OpenSUSE Linux update for samba

Published: January 29, 2020

Security Bulletin ID SB2020012905
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2019-14902)

The vulnerability allows a remote attacker to bypass implemented security checks.

The vulnerability exists due to absent full-sync replication that did not allow ACL changes to be replicated to all domain controllers. A remote attacker can gain access to sensitive resources.


2) Improper input validation (CVE-ID: CVE-2019-14907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of certain user-controlled string, if logging is enabled at level 3 or above. A remote attacker can send specially crafted data to the Samba DC and terminate Samba RPC server.

3) Use-after-free (CVE-ID: CVE-2019-19344)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error during DNS zone scavenging. A remote attacker can under rare conditions to query DNS and obtain parts of memory that was written into database during zone scavenging process.


Remediation

Install update from vendor's website.

References