FreeBSD: VID-50A1BBC9-FB80-11E9-9E70-005056A311D1 (CVE-2019-14833): samba -- multiple vulnerabilities

Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: Sep 29, 2019
Added: Nov 1, 2019
Modified: Jan 22, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-50A1BBC9-FB80-11E9-9E70-005056A311D1:

The samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.

Solution(s)

freebsd-upgrade-package-samba410
freebsd-upgrade-package-samba411
freebsd-upgrade-package-samba48