
Debian LTS Samba DLA-3563-1 Critical: Multiple Security Flaws Resolved

Debian LTS
September 14, 2023
A series of security flaws in Samba has surfaced and demands prompt attention. Samba package version 2:4.9.5+dfsg-5+deb10u4 addresses these significant vulnerabilities.
Several vulnerabilities were discovered in Samba, the SMB/CIFS file, print, and login server for Unix.

Summary

CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An
attacker could use this flaw to retrieve the plaintext password sent over
the wire even if Kerberos authentication was required.

CVE-2019-10218

A flaw was found in the samba client, all samba versions before samba
4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname
to the client with separators. This could allow the client to access files
and folders outside of the SMB network pathnames. An attacker could use this
vulnerability to create files outside of the current working directory using
the privileges of the client user.
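The flaw above is a client-side path-validation problem: a directory entry name returned by the server is trusted and joined onto a local path. As an added illustration written for this page (hypothetical code, not Samba's own fix), the following Python shows the two checks a client should apply before writing such a file: reject any single entry name that carries a separator or is a traversal token, and confirm that the resolved local path still lies inside the download directory. The function names, the sample entry names and the use of `/tmp` as a base directory are all assumptions.

```python
import os

# Constructed sample of directory-entry names a client might receive from a
# server, mapped to whether a client should accept them. A single entry name
# never legitimately contains a separator in either SMB or local style.
SAMPLE_NAMES = {
    "report.txt": True,
    ".": False,
    "..": False,
    "../outside.txt": False,
    "sub/inner.txt": False,
    "sub\\inner.txt": False,
    "bad\0name": False,
}


def is_safe_server_name(name: str) -> bool:
    """Accept only a plain, single-component file name from the server."""
    if name in ("", ".", ".."):
        return False
    # Both separator styles are rejected: SMB uses backslash on the wire,
    # while the client's own filesystem uses the OS separator.
    if "/" in name or "\\" in name:
        return False
    # A NUL would truncate the name in a C-level open() call.
    if "\0" in name:
        return False
    return True


def resolve_local_path(base_dir: str, server_name: str) -> str:
    """Return the local path for server_name under base_dir, or raise ValueError."""
    if not is_safe_server_name(server_name):
        raise ValueError(f"rejected server-supplied name: {server_name!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, server_name))
    # Second, independent check: even after the name passes, the resolved
    # path (symlinks followed) must remain inside the base directory.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"resolved path escapes base directory: {candidate!r}")
    return candidate


def resolve_or_none(base_dir: str, server_name: str):
    """Convenience wrapper: None instead of an exception when the name is rejected."""
    try:
        return resolve_local_path(base_dir, server_name)
    except ValueError:
        return None


def check_samples() -> dict:
    """Run the name check over the constructed sample set."""
    return {name: is_safe_server_name(name) for name in SAMPLE_NAMES}


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name!r:20} -> {'accept' if ok else 'reject'}")
    print(resolve_or_none("/tmp", "report.txt"))
    print(resolve_or_none("/tmp", "../outside.txt"))
```

The name check alone would have been enough for the flaw as described, since it stops a server from injecting separators; the `commonpath` check is kept as a second line of defence against cases the name filter does not model, such as a pre-existing symlink inside the download directory.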

CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba
4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password
change or a new password for a samba user. The Samba Active Directory Domain
Controller can be configured to use a custom script to check for password

Read the Full Advisory


Severity: Critical

Package: samba
Version: 2:4.9.5+dfsg-5+deb10u4
CVE ID: CVE-2016-2124, CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
Debian Bug:
