
Debian 9: DLA-2668-1 Important Samba Security Advisory Released

May 29, 2021
Several vulnerabilities were discovered in Samba, the SMB/CIFS file, print, and login server for Unix.

Summary


CVE-2019-10218

A flaw was found in the Samba client, where a malicious server can
supply a pathname containing separators to the client. This could
allow the client to access files and folders outside of the SMB
network pathnames. An attacker could use this vulnerability to
create files outside of the current working directory using the
privileges of the client user.

CVE-2019-14833

A flaw was found in Samba, in the way it handles a user password
change or a new password for a Samba user. The Samba Active
Directory Domain Controller can be configured to use a custom
script to check for password complexity. This configuration can
fail to verify password complexity when non-ASCII characters are
used in the password, which could lead to weak passwords being set
for Samba users, leaving those accounts vulnerable to dictionary
attacks.

CVE-2019-14847

A flaw was found in samba where an attacker can crash AD DC LDAP



Severity: important

Package: samba
Version: 2:4.5.16+dfsg-1+deb9u4
CVE ID: CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 CVE-2019-14861
Debian Bug: 946786
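
The kind of client-side check that CVE-2019-10218 concerns, as an added Python example (not Samba's code and not part of the advisory): a name taken from a server's directory listing is accepted only as a single path component inside the download directory. The names `safe_local_path`, `filter_listing`, `UnsafeName` and the sample listing are hypothetical.

```python
from pathlib import Path


class UnsafeName(ValueError):
    """Raised when a server-supplied entry name must not be used locally."""


def safe_local_path(download_dir, server_name):
    """Map a server-supplied directory entry name to a path in download_dir.

    A directory entry is one path component, so a separator inside it is
    treated as hostile and rejected rather than normalised away.
    """
    if not server_name or server_name in (".", ".."):
        raise UnsafeName(f"reserved or empty name: {server_name!r}")
    # Reject both separator styles: SMB uses '\\', the local POSIX file
    # system uses '/'. NUL would truncate the name in C-level APIs.
    for bad in ("/", "\\", "\x00"):
        if bad in server_name:
            raise UnsafeName(f"separator or NUL in name: {server_name!r}")
    base = Path(download_dir).resolve()
    target = (base / server_name).resolve()
    # Defence in depth: after symlinks are resolved, the target must still
    # sit directly inside the download directory.
    if target.parent != base:
        raise UnsafeName(f"escapes download directory: {server_name!r}")
    return target


def filter_listing(download_dir, names):
    """Split a listing into (accepted local paths, rejected names)."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeName:
            rejected.append(name)
    return accepted, rejected


# Constructed sample listing mixing ordinary names with names that
# contain separators (not taken from any real server).
SAMPLE_LISTING = ["report.txt", "../outside.txt", "..\\..\\outside.txt",
                  "/abs/outside.txt", "sub/file.txt", "..", "notes.md"]
```

Rejected names are worth logging with the server's address, since a well-behaved server never returns a separator inside a directory entry name.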
