Three critical vulnerabilities in Samba; patches already available

This has been a complex and busy start of 2020 year for vulnerability testing specialists. This time, Samba, Microsoft’s shared file protocol just announced the release of some updates for security flaws tracked as CVE-2019-14902, CVE-2019-14097, and CVE-2019-19344.

The first of these security issues, CVE-2019-14902, is a medium severity
security error involving the granting of a new right in the target system, in
addition to the elimination of a previously granted right. If a user is allowed
to make system modifications (such as password change), deleting this right
would not be automatically reflected on all domain controllers.

The report, prepared by Samba vulnerability testing
specialists, mentions that the update completely fixes this issue, although it
is important that administrators verify full synchronization between all
potentially affected domains.

The second vulnerability, tracked as CVE-2019-14907, is also a medium
severity error that, if exploited, allows a crash after a failed character
conversion at record level three (or higher) that affects any version of Samba
after 4.0.

The vulnerability was detected on the Samba
Active Directory domain controller and can cause long-running processes to be
interrupted unexpectedly.

Last but not least, Samba revealed the
existence of CVE-2019-19344, a use-after-free
vulnerability generated during the removal of DNS zones on the Samba Active
Directory domain controller in v4.9 and later. During the release of Samba 4.9,
a default shutdown feature was included that allowed deleting dynamically
created DNS records that had reached their expiration point.

The use-after-free issue could allow that read
memory to be stored in the database in case the appropriate conditions are presented,
vulnerability testing experts mention.

As already mentioned, update patches are now
available on Samba’s official platforms; the International Institute of Cyber
Security (IICS) recommends system administrators updating potentially affected
systems as soon as possible to mitigate any exploitation risk.

You Might Also Like