DEBIAN-CVE-2019-14907
- Source
- https://security-tracker.debian.org/tracker/CVE-2019-14907
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-14907.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2019-14907
- Upstream
- Published
- 2020-01-21T18:15:12Z
- Modified
- 2025-09-19T06:02:43Z
- Summary
- [none]
- Details
-
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
- References
Affected packages
Debian:11 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:12 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:13 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:14 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source