CVE-2019-14833

CVE-2019-14833

Name

CVE-2019-14833

Description

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833
Mitigation	https://www.samba.org/samba/security/CVE-2019-14833.html
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/
CONFIRM	https://www.synology.com/security/advisory/Synology_SA_19_35
MLIST	https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

Type

URI

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14833

Mitigation

https://www.samba.org/samba/security/CVE-2019-14833.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/

CONFIRM

https://www.synology.com/security/advisory/Synology_SA_19_35

MLIST

https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.5.0	< 4.9.15
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.11.0	< 4.11.2
`cpe:2.3:a:samba:samba::::::::`	samba	>= 4.10.0	< 4.10.10

CPE URI

Source package

Min version

Max version

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.5.0

< 4.9.15

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.11.0

< 4.11.2

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

samba

>= 4.10.0

< 4.10.10

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
samba	edge-main	4.11.2-r0	None	fixed
samba	edge-main	4.10.8-r0	None	possibly vulnerable
samba	edge-main	4.10.5-r0	None	possibly vulnerable
samba	edge-main	4.10.3-r0	None	possibly vulnerable
samba	edge-main	4.8.11-r0	None	possibly vulnerable
samba	edge-main	4.8.7-r0	None	possibly vulnerable
samba	edge-main	4.8.4-r0	None	possibly vulnerable
samba	edge-main	4.7.6-r0	None	possibly vulnerable
samba	edge-main	4.7.3-r0	None	possibly vulnerable
samba	edge-main	4.7.0-r0	None	possibly vulnerable
samba	edge-main	4.6.1-r0	None	possibly vulnerable
samba	3.22-main	4.11.2-r0	None	fixed
samba	3.22-main	4.10.8-r0	None	possibly vulnerable
samba	3.22-main	4.10.5-r0	None	possibly vulnerable
samba	3.22-main	4.10.3-r0	None	possibly vulnerable
samba	3.22-main	4.8.11-r0	None	possibly vulnerable
samba	3.22-main	4.8.7-r0	None	possibly vulnerable
samba	3.22-main	4.8.4-r0	None	possibly vulnerable
samba	3.22-main	4.7.6-r0	None	possibly vulnerable
samba	3.22-main	4.7.3-r0	None	possibly vulnerable
samba	3.22-main	4.7.0-r0	None	possibly vulnerable
samba	3.22-main	4.6.1-r0	None	possibly vulnerable
samba	3.21-main	4.11.2-r0	None	fixed
samba	3.21-main	4.10.8-r0	None	possibly vulnerable
samba	3.21-main	4.10.5-r0	None	possibly vulnerable
samba	3.21-main	4.10.3-r0	None	possibly vulnerable
samba	3.21-main	4.8.11-r0	None	possibly vulnerable
samba	3.21-main	4.8.7-r0	None	possibly vulnerable
samba	3.21-main	4.8.4-r0	None	possibly vulnerable
samba	3.21-main	4.7.6-r0	None	possibly vulnerable
samba	3.21-main	4.7.3-r0	None	possibly vulnerable
samba	3.21-main	4.7.0-r0	None	possibly vulnerable
samba	3.21-main	4.6.1-r0	None	possibly vulnerable
samba	3.20-main	4.11.2-r0	None	fixed
samba	3.20-main	4.10.8-r0	None	possibly vulnerable
samba	3.20-main	4.10.5-r0	None	possibly vulnerable
samba	3.20-main	4.10.3-r0	None	possibly vulnerable
samba	3.20-main	4.8.11-r0	None	possibly vulnerable
samba	3.20-main	4.8.7-r0	None	possibly vulnerable
samba	3.20-main	4.8.4-r0	None	possibly vulnerable
samba	3.20-main	4.7.6-r0	None	possibly vulnerable
samba	3.20-main	4.7.3-r0	None	possibly vulnerable
samba	3.20-main	4.7.0-r0	None	possibly vulnerable
samba	3.20-main	4.6.1-r0	None	possibly vulnerable
samba	3.19-main	4.11.2-r0	None	fixed
samba	3.19-main	4.10.8-r0	None	possibly vulnerable
samba	3.19-main	4.10.5-r0	None	possibly vulnerable
samba	3.19-main	4.10.3-r0	None	possibly vulnerable
samba	3.19-main	4.8.11-r0	None	possibly vulnerable
samba	3.19-main	4.8.7-r0	None	possibly vulnerable
samba	3.19-main	4.8.4-r0	None	possibly vulnerable
samba	3.19-main	4.7.6-r0	None	possibly vulnerable
samba	3.19-main	4.7.3-r0	None	possibly vulnerable
samba	3.19-main	4.7.0-r0	None	possibly vulnerable
samba	3.19-main	4.6.1-r0	None	possibly vulnerable
samba	3.18-main	4.11.2-r0	None	fixed
samba	3.17-main	4.11.2-r0	None	fixed
samba	3.12-main	4.11.2-r0	None	fixed
samba	3.11-main	4.11.2-r0	None	fixed
samba	3.10-main	4.10.10-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages