Huawei EulerOS: CVE-2019-14870: samba security update

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Dec 10, 2019
Added
Nov 3, 2020
Modified
Apr 1, 2026

Description

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 are affected. The S4U (MS-SFU) Kerberos delegation model includes a feature that lets a subset of clients be opted out of constrained delegation entirely, whether a ticket is obtained through S4U2Self or through regular Kerberos authentication, by forcing all tickets issued for those clients to be non-forwardable. In Active Directory this is implemented by the user attribute delegation_not_allowed (also known as not-delegated), which translates to disallow-forwardable on the ticket. However, the Samba AD DC did not honour this for S4U2Self: it set the forwardable flag on the S4U2Self ticket even when the impersonated client had the not-delegated flag set. A forwardable S4U2Self ticket is exactly what the protection is meant to deny, because it can be presented in a subsequent S4U2Proxy request to act as the protected account.
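The following is an added example, not Samba or Huawei code. It does two things a practitioner would want from this advisory: it decides whether a Samba build reported by `smbd --version` falls inside the affected ranges named above, and it models the S4U2Self flag decision the advisory describes, side by side for the vulnerable and fixed behaviour. The userAccountControl bit (UF_NOT_DELEGATED = 0x00100000) and the Kerberos forwardable ticket flag (bit 1 of the KerberosFlags bit string, 0x40000000 as a 32-bit word) are standard values; the sample version strings and account flag words are constructed for the demonstration.

```python
"""Added example: vulnerable-version check and a model of the S4U2Self
forwardable-flag decision described in CVE-2019-14870 (not Samba's code)."""
import re

# Fixed releases named in the advisory. Any 4.x release with minor < 9 is
# older than 4.9.17 and therefore also in the affected range.
FIXED_PATCH = {9: 17, 10: 11, 11: 3}

# AD userAccountControl bit "Account is sensitive and cannot be delegated"
# (the not-delegated / delegation_not_allowed attribute in the advisory).
UF_NOT_DELEGATED = 0x00100000

# Kerberos TicketFlags: bit 1 (forwardable) as a 32-bit flag word.
TKT_FORWARDABLE = 0x40000000


def parse_version(text):
    """Extract (major, minor, patch) from 'smbd --version' style output,
    e.g. 'Version 4.10.4-Ubuntu' -> (4, 10, 4). Returns None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if the version is inside the ranges the advisory names."""
    major, minor, patch = version
    if major != 4:
        return False          # advisory covers only 4.x.x
    if minor < 9:
        return True           # everything before 4.9.17 (4.0 .. 4.8)
    if minor in FIXED_PATCH:
        return patch < FIXED_PATCH[minor]
    return False              # 4.12 and later post-date the fix


def s4u2self_ticket_flags(user_account_control, patched):
    """Model of the flag word a KDC issues on an S4U2Self ticket for the
    impersonated client. The vulnerable Samba DC set forwardable regardless
    of the client's not-delegated bit; the fixed behaviour honours it."""
    not_delegated = bool(user_account_control & UF_NOT_DELEGATED)
    if patched and not_delegated:
        return 0                      # ticket stays non-forwardable
    return TKT_FORWARDABLE            # forwardable ticket handed out


def assess(smbd_output_lines):
    """Map each constructed 'smbd --version' line to a verdict string."""
    verdicts = {}
    for line in smbd_output_lines:
        v = parse_version(line)
        if v is None:
            verdicts[line] = "unparseable"
        else:
            verdicts[line] = "vulnerable" if is_vulnerable(v) else "not affected"
    return verdicts


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real hosts.
    samples = ["Version 4.10.4-Ubuntu", "Version 4.9.17", "Version 4.11.2",
               "Version 4.12.0", "Version 3.6.25"]
    for line, verdict in assess(samples).items():
        print(f"{line:28s} {verdict}")
    # A normal enabled user (0x10200) with the not-delegated bit added.
    sensitive = 0x10200 | UF_NOT_DELEGATED
    for patched in (False, True):
        flags = s4u2self_ticket_flags(sensitive, patched)
        print(f"patched={patched}: forwardable={bool(flags & TKT_FORWARDABLE)}")
```

Run it on the output of `smbd --version` (or the package version from `rpm -q samba`) on the host in question; the version check is the part that generalises beyond EulerOS, since the affected ranges are Samba's own, not the distribution's.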

Solutions

huawei-euleros-2_0_sp2-upgrade-libsmbclient
huawei-euleros-2_0_sp2-upgrade-libwbclient
huawei-euleros-2_0_sp2-upgrade-samba
huawei-euleros-2_0_sp2-upgrade-samba-client
huawei-euleros-2_0_sp2-upgrade-samba-client-libs
huawei-euleros-2_0_sp2-upgrade-samba-common
huawei-euleros-2_0_sp2-upgrade-samba-common-libs
huawei-euleros-2_0_sp2-upgrade-samba-common-tools
huawei-euleros-2_0_sp2-upgrade-samba-libs
huawei-euleros-2_0_sp2-upgrade-samba-python
huawei-euleros-2_0_sp2-upgrade-samba-winbind
huawei-euleros-2_0_sp2-upgrade-samba-winbind-clients
huawei-euleros-2_0_sp2-upgrade-samba-winbind-modules