CVE-2019-17455

Summary

CVE	CVE-2019-17455
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-10-10 18:15:00 UTC
Updated	2023-11-07 03:06:00 UTC
Description	Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	20.04	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	Nongnu	Libntlm	All	All	All	All
Application	Opensuse	Backports Sle	15.0	sp1	All	All
Application	Opensuse	Backports Sle	15.0	sp1	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 32 Update: libntlm-1.6-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
#942145 - libntlm: CVE-2019-17455 - Debian Bug report logs	MISC	bugs.debian.org	Exploit, Issue Tracking, Mailing List, Third Party Advisory
[SECURITY] [DLA 2831-1] libntlm security update	MLIST	lists.debian.org
[security-announce] openSUSE-SU-2020:0816-1: moderate: Security update f	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
CVE-2019-17455 \| Ubuntu	CONFIRM	people.canonical.com	Third Party Advisory
[SECURITY] Fedora 32 Update: libntlm-1.6-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE-2019-17455	CONFIRM	security-tracker.debian.org	Third Party Advisory
[SECURITY] Fedora 33 Update: libntlm-1.6-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: libntlm-1.6-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
Buffer Overflow Write when libntlm generates NTLM request (version<=1.5) (#2) · Issues · Simon Josefsson / Libntlm · GitLab	MISC	gitlab.com	Exploit, Third Party Advisory
[SECURITY] [DLA 2207-1] libntlm security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
[security-announce] openSUSE-SU-2020:0806-1: moderate: Security update f	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178917 Debian Security Update for libntlm (DLA 2831-1)
198536 Ubuntu Security Notification for libntlm Vulnerability (USN-5108-1)
901812 Common Base Linux Mariner (CBL-Mariner) Security Update for libntlm (7266)
904646 Common Base Linux Mariner (CBL-Mariner) Security Update for libntlm (7266-1)