Denial of Service Vulnerability in Samba AD DC and File Server
CVE-2019-14907
Summary
In affected versions of Samba, when the log level is set to 3 or higher, a failed character conversion can cause a string to be logged that was never intended to be output. Such strings can be supplied during NTLMSSP authentication exchanges, and in the Samba Active Directory Domain Controller this can terminate long-lived processes such as the RPC server. In a file server deployment the impact is mostly confined to an isolated smbd process, but ongoing operations can still be disrupted, so timely patching is advised.
Affected Version(s)
Samba: all versions 4.11.x before 4.11.5
Samba: all versions 4.10.x before 4.10.12
Samba: all versions 4.9.x before 4.9.18
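The advisory states two conditions for exposure: a Samba release in one of the affected ranges above, and a configured log level of 3 or higher. The following is an added example, not Samba project code, that checks both against a version string (as printed by `smbd -V`) and the text of an smb.conf. It assumes the advisory's ranges are exhaustive, reads only the leading overall number of `log level` (ignoring per-class overrides such as `auth:5`), and treats `debuglevel` as a synonym; the sample smb.conf is constructed for illustration.

```python
"""Exposure check for the CVE-2019-14907 conditions: affected Samba version
plus 'log level' >= 3 in the [global] section of smb.conf.
Added example for this advisory; not code from the Samba project."""
import re

# Affected branches from the advisory, mapped to the first fixed release.
AFFECTED_BRANCHES = {
    (4, 9): (4, 9, 18),
    (4, 10): (4, 10, 12),
    (4, 11): (4, 11, 5),
}


def parse_version(text):
    """Extract (major, minor, patch) from strings like '4.11.4' or
    'Version 4.10.11-Ubuntu' (the form printed by `smbd -V`)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected_version(version):
    """True if the version falls in an affected range listed in the advisory.
    Branches the advisory does not list are treated as not affected."""
    major, minor, patch = parse_version(version)
    first_fixed = AFFECTED_BRANCHES.get((major, minor))
    if first_fixed is None:
        return False
    return (major, minor, patch) < first_fixed


def configured_log_level(smb_conf):
    """Return the overall 'log level' from the [global] section (default 0).
    Samba accepts 'debuglevel' as a synonym and ignores case and spaces in
    parameter names. Only the leading number is used; per-class overrides
    such as 'log level = 1 auth:3' contribute nothing here."""
    level = 0
    section = None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.replace(" ", "").lower()
        if key in ("loglevel", "debuglevel"):
            m = re.match(r"\s*(\d+)", value)
            if m:
                level = int(m.group(1))
    return level


def exposure(version, smb_conf):
    """Classify a host against the two advisory conditions."""
    if not is_affected_version(version):
        return "patched"
    if configured_log_level(smb_conf) >= 3:
        return "affected-and-verbose-logging"
    return "affected-but-quiet-logging"


# Constructed sample configuration: an AD DC with verbose logging enabled.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    # constructed sample: overall level 3, auth class raised to 5
    log level = 3 auth:5
[netlogon]
    path = /var/lib/samba/sysvol/example.test/scripts
"""

if __name__ == "__main__":
    for ver in ("Version 4.11.4", "Version 4.11.5", "Version 4.9.17-Ubuntu"):
        print(ver, "->", exposure(ver, SAMPLE_SMB_CONF))
```

Hosts reported as "affected-but-quiet-logging" are still running vulnerable code; lowering the log level only removes the trigger condition described in the advisory and is not a substitute for upgrading to the fixed release.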
EPSS Score
5% chance of being exploited in the next 30 days.