CVE-2019-14902 Information

Description

There is an issue in all Samba 4.11.x versions before 4.11.5, all Samba 4.10.x versions before 4.10.12, and all Samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
https://security.gentoo.org/glsa/202003-52
https://security.netapp.com/advisory/ntap-20200122-0001/
https://usn.ubuntu.com/4244-1/
https://www.samba.org/samba/security/CVE-2019-14902.html
https://www.synology.com/security/advisory/Synology_SA_20_01

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
