FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
samba410 < 4.10.12
samba411 < 4.11.4

Details

VuXML ID: 5f0dd349-40a2-11ea-8d8c-005056a311d1
Discovery: 2020-01-14
Entry: 2020-01-27

The Samba Team reports:

CVE-2019-14902

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers.

CVE-2019-14907

When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs.

CVE-2019-19344

During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed.

References

CVE Name: CVE-2019-14902
CVE Name: CVE-2019-14907
CVE Name: CVE-2019-19344
URL: https://www.samba.org/samba/history/samba-4.10.12.html