CVE-2019-14861
First published: Tue Dec 10 2019(Updated: )
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/samba | 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.21.0+dfsg-1 | |
| Samba | >=4.0.0<4.9.17 | |
| Samba | >=4.10.0<4.10.11 | |
| Samba | >=4.11.0<4.11.3 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.04 | |
| Ubuntu Linux | =19.10 | |
| openSUSE | =15.1 | |
| Debian GNU/Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
- https://security.gentoo.org/glsa/202003-52
- https://security.netapp.com/advisory/ntap-20191210-0002/
- https://usn.ubuntu.com/4217-1/
- https://usn.ubuntu.com/4217-2/
- https://www.samba.org/samba/security/CVE-2019-14861.html
- https://www.synology.com/security/advisory/Synology_SA_19_40
- http://www.openwall.com/lists/oss-security/2024/06/24/3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/
- https://launchpad.net/bugs/cve/CVE-2019-14861
- https://security-tracker.debian.org/tracker/CVE-2019-14861
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861
- https://nvd.nist.gov/vuln/detail/CVE-2019-14861
- https://ubuntu.com/security/CVE-2019-14861
Frequently Asked Questions
What is the severity of CVE-2019-14861?
CVE-2019-14861 is considered to have high severity due to its potential impact on DNS records and zones within Samba deployments.
How do I fix CVE-2019-14861?
To fix CVE-2019-14861, upgrade Samba to a version that is not vulnerable, such as Samba 4.9.17, 4.10.11, or 4.11.3 and above.
What versions of Samba are affected by CVE-2019-14861?
CVE-2019-14861 affects all Samba versions from 4.0.0 up to but not including 4.9.17, 4.10.0 up to but not including 4.10.11, and 4.11.0 up to but not including 4.11.3.
What types of systems are impacted by CVE-2019-14861?
CVE-2019-14861 impacts systems running vulnerable versions of Samba, including various Linux distributions such as Debian, Ubuntu, and Fedora.
What is the nature of the vulnerability in CVE-2019-14861?
The vulnerability in CVE-2019-14861 allows unauthorized administrative access to manipulate DNS records through the dnsserver RPC pipe.
- agent/type
- agent/weakness
- agent/severity
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- collector/nvd-index
- package-manager/debian
- vendor/samba
- canonical/samba
- version/samba/4.0.0
- version/samba/4.10.0
- version/samba/4.11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/19.04
- version/ubuntu linux/19.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0