CVE-2019-14902 — MEDIUM (5.4)

Q: How severe is CVE-2019-14902?

CVE-2019-14902 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14902?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Opensuse Leap, Debian Debian Linux.

Vulnerability Description

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Samba	Samba	>= 4.0.0, < 4.9.18
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.1
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-284

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.htmlThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202003-52Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0001/Third Party Advisory
https://usn.ubuntu.com/4244-1/Third Party Advisory
https://www.samba.org/samba/security/CVE-2019-14902.htmlMailing ListVendor Advisory
https://www.synology.com/security/advisory/Synology_SA_20_01Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.htmlThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.htmlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

FAQ

What is CVE-2019-14902?

CVE-2019-14902 is a vulnerability with a CVSS score of 5.4 (MEDIUM). There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a ...

How severe is CVE-2019-14902?

CVE-2019-14902 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14902?

Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Canonical Ubuntu Linux, Opensuse Leap, Debian Debian Linux.