Test ID:	1.3.6.1.4.1.25623.1.1.10.2019.0397
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2019-0397)
Summary:	The remote host is missing an update for the 'ldb, samba' package(s) announced via the MGASA-2019-0397 advisory.
Description:	Summary: The remote host is missing an update for the 'ldb, samba' package(s) announced via the MGASA-2019-0397 advisory. Vulnerability Insight: Updated samba packages fix security vulnerabilities: Malicious servers can cause Samba client code to return filenames containing path separators to calling code (CVE-2019-10218). When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string (CVE-2019-14833). Users with the 'get changes' extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax (CVE-2019-14847). An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name (CVE-2019-14861). The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC (CVE-2019-14870). Affected Software/OS: 'ldb, samba' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10218 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMIYCYXCPRTVCVZ3TP6ZGPJ6RZS3IX4G/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/ https://www.samba.org/samba/security/CVE-2019-10218.html https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14833 https://www.samba.org/samba/security/CVE-2019-14833.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14847 https://www.samba.org/samba/security/CVE-2019-14847.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14861 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861 https://security.netapp.com/advisory/ntap-20191210-0002/ https://www.samba.org/samba/security/CVE-2019-14861.html https://www.synology.com/security/advisory/Synology_SA_19_40 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/ https://security.gentoo.org/glsa/202003-52 http://www.openwall.com/lists/oss-security/2024/06/24/3 SuSE Security Announcement: openSUSE-SU-2019:2700 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html https://usn.ubuntu.com/4217-1/ https://usn.ubuntu.com/4217-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-14870 https://security.gentoo.org/glsa/202310-06 https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.