Subtree Modification Permissions Flaw in Samba Products
CVE-2019-14902

5.4MEDIUM

Key Information:

Vendor: [unknown]
Status: Samba
Vendor: CVE Published:; 21 January 2020

What is CVE-2019-14902?

A permisison flaw exists in various versions of Samba where the revocation of rights to create or modify a subtree is not consistently enforced across all domain controllers. This means that even after rights are removed from a user, they might still retain the ability to modify parts of the directory, potentially leading to unauthorized access or manipulation of data.

Affected Version(s)

samba all samba 4.11.x versions before 4.11.5

samba all samba 4.10.x versions before 4.10.12

samba all samba 4.9.x versions before 4.9.18

References

https://www.samba.org/samba/security/CVE-2019-14902.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902

https://security.netapp.com/advisory/ntap-20200122-0001/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2020
Vulnerability Reserved
Aug 10, 2019

CVE-2019-14902 Data

JSON

[unknown]

What is CVE-2019-14902?

Affected Version(s)

References

CVSS V3.1

Timeline