Design/Logic Flaw

2020-01-2118:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.0%

JSON

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq19.04
ubuntu_linuxeq19.10
debian_linuxeq9.0
fedoraeq30
fedoraeq31
enterprise_linuxeq7.0
enterprise_linuxeq8.0
storageeq3.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.04
ubuntu_linux	eq	19.10
debian_linux	eq	9.0
fedora	eq	30
fedora	eq	31
enterprise_linux	eq	7.0
enterprise_linux	eq	8.0
storage	eq	3.0