FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba48 <= 4.8.12
samba410 < 4.10.10
samba411 < 4.11.2

Details

VuXML ID 50a1bbc9-fb80-11e9-9e70-005056a311d1
Discovery 2019-09-29
Entry 2019-10-29

The Samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.

References

CVE Name CVE-2019-10218
CVE Name CVE-2019-14833
CVE Name CVE-2019-14847
URL https://www.samba.org/samba/security/CVE-2019-10218.html
URL https://www.samba.org/samba/security/CVE-2019-14833.html
URL https://www.samba.org/samba/security/CVE-2019-14847.html