CVE & CISA-KEV Catalog

CVE-2019-14861

MEDIUMEPSS 81th pctl
5.3
CVSS v3
NVD

Description

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

How to fix

Remediation Available
sambaDebian
Fixed in:2:4.11.3+dfsg-1CVE-2019-14861
Fixed in:2:4.11.3+dfsg-1CVE-2019-14861
Fixed in:2:4.11.3+dfsg-1CVE-2019-14861
Fixed in:2:4.11.3+dfsg-1CVE-2019-14861
libsmbclientUbuntu
Fixed in:2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4USN-4217-2
Fixed in:2:4.3.11+dfsg-0ubuntu0.16.04.24USN-4217-1
Fixed in:2:4.7.6+dfsg~ubuntu-0ubuntu2.14USN-4217-1
sambaUbuntu
Fixed in:2:4.3.11+dfsg-0ubuntu0.14.04.20+esm4USN-4217-2
Fixed in:2:4.3.11+dfsg-0ubuntu0.16.04.24USN-4217-1
Fixed in:2:4.7.6+dfsg~ubuntu-0ubuntu2.14USN-4217-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

2.30%probability of exploitation in 30 days
81stpercentile

Elevated risk: more likely to be exploited than 81% of all known CVEs.

References

Embed a live status badge for CVE-2019-14861
CVE-2019-14861 severity badge

Markdown

[![CVE-2019-14861](https://tridentstack.com/cve/badge/CVE-2019-14861.svg)](https://tridentstack.com/cve/CVE-2019-14861)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-14861"><img src="https://tridentstack.com/cve/badge/CVE-2019-14861.svg" alt="CVE-2019-14861"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.