exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2019-14870

Status Candidate

Overview

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

Related Files

Gentoo Linux Security Advisory 202310-06
Posted Oct 9, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-14870, CVE-2021-44758, CVE-2022-3437, CVE-2022-3671, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640, CVE-2022-44758, CVE-2022-45142
SHA-256 | 27611271da9764cfeb6bf4345cc8b0a457073005b818ba42fe2a3f1b4b278d83
Gentoo Linux Security Advisory 202003-52
Posted Mar 26, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-52 - Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Versions less than 4.11.6 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857, CVE-2018-16860, CVE-2019-10197, CVE-2019-14861, CVE-2019-14870, CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
SHA-256 | 78ecd3bc02b0f10129021084736ee7cc0c9408898c589745d90193370efe75aa
Ubuntu Security Notice USN-4217-2
Posted Dec 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4217-2 - USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-14861, CVE-2019-14870
SHA-256 | 6db26f2e489f1384d2f218d9e2544521385fb447c71f37e016d74825ac3f8bbb
Ubuntu Security Notice USN-4217-1
Posted Dec 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4217-1 - Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Isaac Boukris discovered that Samba did not enforce the Kerberos DelegationNotAllowed feature restriction, contrary to expectations.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-14861, CVE-2019-14870
SHA-256 | 51b01c1767b0bdb132c8d865c0a4fae6ca8ba99c8b662d627473d2bc026ba909
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close