CVE-2019-14847 - log

CVE-2019-14847 edited at 31 Oct 2019 09:14:50
Description
- A denial of service has been found in Samba before 4.10.9, where users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.
+ A denial of service has been found in Samba before 4.10.10, where users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.
By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).
CVE-2019-14847 edited at 31 Oct 2019 09:12:38
Notes
+ Setting to low since it requires an authenticated user with special rights AND a non-default setting.
CVE-2019-14847 edited at 31 Oct 2019 09:12:13
Severity
- Medium
+ Low
CVE-2019-14847 edited at 31 Oct 2019 09:12:06
Severity
- High
+ Medium
CVE-2019-14847 edited at 31 Oct 2019 09:12:00
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service has been found in Samba before 4.10.9, where users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.
+ By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).
References
+ https://www.samba.org/samba/security/CVE-2019-14847.html
+ https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
Notes
CVE-2019-14847 created at 31 Oct 2019 09:09:18