CVE-2019-14902
Summary
| CVE | CVE-2019-14902 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-21 18:15:00 UTC |
| Updated | 2023-11-07 03:05:00 UTC |
| Description | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Application | Samba | Samba | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1791201 – (CVE-2019-14902) CVE-2019-14902 samba: Replication of ACLs set to inherit down a subtree on AD Directory not automatic | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Samba - Security Announcement Archive | MISC | www.samba.org | Mailing List, Vendor Advisory |
| [SECURITY] [DLA 3563-1] samba security update | MLIST | lists.debian.org | |
| Synology Inc. | CONFIRM | www.synology.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:0122-1: moderate: Security update f | SUSE | lists.opensuse.org | Third Party Advisory |
| [SECURITY] Fedora 31 Update: samba-4.11.6-0.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 2668-1] samba security update | MLIST | lists.debian.org | |
| Samba: Multiple vulnerabilities (GLSA 202003-52) — Gentoo security | GENTOO | security.gentoo.org | |
| USN-4244-1: Samba vulnerabilities \| Ubuntu security notices \| Ubuntu | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| [SECURITY] Fedora 30 Update: samba-4.10.13-0.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| January 2020 Samba Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178607 Debian Security Update for samba (DLA 2668-1)
- 296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
- 500624 Alpine Linux Security Update for samba
- 504386 Alpine Linux Security Update for samba
- 6000093 Debian Security Update for samba (DLA 3563-1)
- 670882 EulerOS Security Update for samba (EulerOS-SA-2020-2396)