FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba48 <= 4.8.12
samba410 < 4.10.10
samba411 < 4.11.2

Details

VuXML ID 50a1bbc9-fb80-11e9-9e70-005056a311d1
Discovery 2019-09-29
Entry 2019-10-29

The samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

[source]

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

[source]

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.

[source]

References

CVE Name CVE-2019-10218
CVE Name CVE-2019-14833
CVE Name CVE-2019-14847
URL https://www.samba.org/samba/security/CVE-2019-10218.html
URL https://www.samba.org/samba/security/CVE-2019-14833.html
URL https://www.samba.org/samba/security/CVE-2019-14847.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.