Improperly implemented security feature in Samba

#VU23470 Improperly implemented security feature in Samba

Cybersecurity Help s.r.o.

Published: 2019-12-10

Vulnerability identifier: #VU23470

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14870

CWE-ID: CWE-358

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction ("delegation_not_allowed" user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Samba: 4.0.0 - 4.0.26, 4.1.0 - 4.11.2, 4.2.0 - 4.2.14, 4.3.0 - 4.3.13, 4.4.0 rc4 - 4.4.16, 4.5.0 - 4.5.16, 4.6.0 - 4.6.16, 4.7.0 - 4.7.12, 4.8.0 - 4.8.12, 4.9.0 - 4.9.16

External links
http://www.samba.org/samba/security/CVE-2019-14870.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

FreeBSD update for heimdal

Multiple vulnerabilities in Heimdal

Gentoo update for Samba

OpenSUSE Linux update for samba

Ubuntu 14.04 ESM update for Samba

Ubuntu update for Samba

Multiple vulnerabilities in Samba

Improperly implemented security feature in samba (Alpine package)