CVE-2019-14847 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	A denial of service has been found in Samba before 4.10.10, where users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax. By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1057	samba	4.10.8-2	4.10.10-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
03 Nov 2019	ASA-201911-6	AVG-1057	samba	Medium	multiple issues

References
https://www.samba.org/samba/security/CVE-2019-14847.html https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch

Notes
Setting to low since it requires an authenticated user with special rights AND a non-default setting.