vulnerability

Gentoo Linux: CVE-2019-14907: Samba: Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:H/Au:N/C:N/I:N/A:P)	Jan 21, 2020	Mar 27, 2020	Aug 13, 2025

Severity

CVSS

(AV:N/AC:H/Au:N/C:N/I:N/A:P)

Published

Jan 21, 2020

Added

Mar 27, 2020

Modified

Aug 13, 2025

Description

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Solution

gentoo-linux-upgrade-net-fs-samba

References

CVE-2019-14907
https://attackerkb.com/topics/CVE-2019-14907
CWE-125
GENTOO-202003-52

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today