Subtree Modification Permissions Flaw in Samba Products
CVE-2019-14902

5.4MEDIUM

Key Information:

Vendor: [unknown]
Status: Samba
Vendor: CVE Published:; 21 January 2020

What is CVE-2019-14902?

A permisison flaw exists in various versions of Samba where the revocation of rights to create or modify a subtree is not consistently enforced across all domain controllers. This means that even after rights are removed from a user, they might still retain the ability to modify parts of the directory, potentially leading to unauthorized access or manipulation of data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

samba all samba 4.11.x versions before 4.11.5

samba all samba 4.10.x versions before 4.10.12

samba all samba 4.9.x versions before 4.9.18

References

https://www.samba.org/samba/security/CVE-2019-14902.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902

https://security.netapp.com/advisory/ntap-20200122-0001/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2020
Vulnerability Reserved
Aug 10, 2019

JSON

[unknown]