CVE-2019-14833

Summary

CVE	CVE-2019-14833
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-11-06 10:15:00 UTC
Updated	2023-11-07 03:05:00 UTC
Description	A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

Risk And Classification

Problem Types: CWE-521

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	29	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Operating System	Fedoraproject	Fedora	29	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Operating System	Opensuse	Leap	15.0	All	All	All
Operating System	Opensuse	Leap	15.0	All	All	All
Application	Samba	Samba	All	All	All	All
Application	Samba	Samba	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 30 Update: samba-4.10.10-0.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 31 Update: samba-4.11.2-1.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 3563-1] samba security update	MLIST	lists.debian.org
[SECURITY] Fedora 29 Update: samba-4.9.15-0.fc29 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 29 Update: samba-4.9.15-0.fc29 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Synology Inc.	CONFIRM	www.synology.com
[security-announce] openSUSE-SU-2019:2458-1: important: Security update	SUSE	lists.opensuse.org	Third Party Advisory
[SECURITY] Fedora 30 Update: samba-4.10.10-0.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
1764126 – (CVE-2019-14833) CVE-2019-14833 samba: AD DC check password script does not receive full password when non-ASCII characters are used	CONFIRM	bugzilla.redhat.com	Issue Tracking, Mitigation, Patch, Third Party Advisory
[SECURITY] Fedora 31 Update: samba-4.11.2-1.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 2668-1] samba security update	MLIST	lists.debian.org
Samba - Security Announcement Archive	MISC	www.samba.org	Mitigation, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178607 Debian Security Update for samba (DLA 2668-1)
296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
500622 Alpine Linux Security Update for samba
504384 Alpine Linux Security Update for samba
6000093 Debian Security Update for samba (DLA 3563-1)
671072 EulerOS Security Update for samba (EulerOS-SA-2019-2547)