samba: Multiple vulnerabilities (CVE-2019-14902, CVE-2019-14907, CVE-2019-19344)
CVE-2019-14902: Replication of ACLs set to inherit down a subtree on Directory not automatic.
A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made.
Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
References:
- https://www.samba.org/samba/security/CVE-2019-14902.html
- https://www.samba.org/samba/history/security.html
CVE-2019-14907: Crash after failed character conversion at log level 3 or above.
If Samba is configured with "log level = 3" (or above), then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.
Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
References:
- https://www.samba.org/samba/security/CVE-2019-14907.html
- https://www.samba.org/samba/history/security.html
CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time.
This feature is controlled by the smb.conf option: dns zone scavenging = yes
There is a use-after-free issue in this code, essentially due to a call to realloc() while other local variables still point at the original buffer.
Does not affect Alpine 3.8 and 3.9.
Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
References:
- https://www.samba.org/samba/security/CVE-2019-19344.html
- https://www.samba.org/samba/history/security.html
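
The preconditions stated in the three entries above (an AD DC, "log level = 3" or above, "dns zone scavenging = yes", a release older than the fixed ones) can be checked against a host's smb.conf. The following is an added example, not part of the original report and not Samba code: the function names and the sample configuration are constructed. It compares upstream version numbers only (distribution packages may backport the fixes) and assumes branches newer than 4.11 already carry them.

```python
import re

# Fixed upstream releases per branch, as listed on this page.
FIXED = {(4, 11): 5, (4, 10): 12, (4, 9): 18}
# smb.conf "server role" values that select an AD DC (whitespace removed).
AD_DC_ROLES = {"activedirectorydomaincontroller", "domaincontroller", "dc"}

def parse_global(conf_text):
    """Return {option: value} for the [global] section of an smb.conf."""
    opts, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in option names.
            opts["".join(key.lower().split())] = value.strip().lower()
    return opts

def max_log_level(value):
    """'log level' may be '1' or '1 auth:5'; return the highest level set."""
    return max((int(n) for n in re.findall(r"(?:^|[\s:])(\d+)", value)), default=0)

def triage(version, conf_text):
    """Return the CVEs from this page whose stated preconditions hold."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    branch = (major, minor)
    # Assumption: branches newer than 4.11 already carry the fixes.
    if branch > (4, 11) or patch >= FIXED.get(branch, float("inf")):
        return set()
    opts = parse_global(conf_text)
    is_dc = "".join(opts.get("serverrole", "auto").split()) in AD_DC_ROLES
    hits = {"CVE-2019-14902"} if is_dc else set()
    # "debuglevel" is a synonym for "log level".
    if max_log_level(opts.get("loglevel", opts.get("debuglevel", "0"))) >= 3:
        hits.add("CVE-2019-14907")
    scavenging = opts.get("dnszonescavenging", "no") in {"yes", "true", "on", "1"}
    # The scavenging feature was introduced in Samba 4.9.
    if is_dc and branch >= (4, 9) and scavenging:
        hits.add("CVE-2019-19344")
    return hits

# Constructed sample configuration, not taken from a real host.
SAMPLE = """[global]
    server role = active directory domain controller
    log level = 1 auth:5
    dns zone scavenging = yes
"""
```

A log level raised on the command line or at runtime is not visible in smb.conf, so an empty result for CVE-2019-14907 only reflects the file's contents.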