1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Security Announcement Archive</title>
11 <H2>CVE-2019-14907.html:</H2>
15 ===========================================================
16 == Subject: Crash after failed character conversion at
17 == log level 3 or above
19 == CVE ID#: CVE-2019-14907
21 == Versions: Samba 4.0 and later versions
23 == Summary: When processing untrusted string input Samba
24 == can read past the end of the allocated buffer
25 == when printing a "Conversion error" message
28 ===========================================================
34 If samba is set with "log level = 3" (or above) then the string
35 obtained from the client, after a failed character conversion, is
36 printed. Such strings can be provided during the NTLMSSP
37 authentication exchange.
39 In the Samba AD DC in particular, this may cause a long-lived process
40 (such as the RPC server) to terminate. (In the file server case, the
41 most likely target, smbd, operates as process-per-client and so a
42 crash there is harmless).
48 Patches addressing both these issues have been posted to:
50 https://www.samba.org/samba/security/
52 Additionally, Samba 4.11.5, 4.10.12 and 4.9.18 have been issued
53 as security releases to correct the defect. Samba administrators are
54 advised to upgrade to these releases or apply the patch as soon
61 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (6.5)
67 Do not set a log level of 3 or above in production.
73 Originally reported by Robert Święcki using a fuzzer he wrote.
75 Patches provided by Andrew Bartlett of the Samba team and Catalyst.
77 ==========================================================
78 == Our Code, Our Bugs, Our Responsibility.
80 ==========================================================