CVE-2019-14847
Published: 29 October 2019
A flaw was found in Samba 4.0.0 before Samba 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service. Privilege escalation is not possible with this issue.
Priority
Status
Package | Release | Status |
---|---|---|
samba | bionic | Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.13) |
samba | disco | Released (2:4.10.0+dfsg-0ubuntu2.6) |
samba | eoan | Released (2:4.10.7+dfsg-0ubuntu2.2) |
samba | trusty | Released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
samba | upstream | Needs triage |
samba | xenial | Released (2:4.3.11+dfsg-0ubuntu0.16.04.23) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.9 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |