CVE-2019-14902
MEDIUM
Samba 4.9.0-4.11.4 - Improper Access Control in Subtree Permission Removal
Title source: llm
Description
There is an issue in all Samba 4.11.x versions before 4.11.5, all Samba 4.10.x versions before 4.10.12 and all Samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically take effect on all domain controllers.
References (11)
Core References
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4244-1/
Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202003-52
Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0001/
Mailing List, Vendor Advisory
https://www.samba.org/samba/security/CVE-2019-14902.html
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_01
Scores
CVSS v3: 5.4
EPSS: 0.0350
EPSS Percentile: 87.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE: CWE-284
Status: published
Products (7)
canonical/ubuntu_linux: 16.04
canonical/ubuntu_linux: 18.04
canonical/ubuntu_linux: 19.04
canonical/ubuntu_linux: 19.10
debian/debian_linux: 9.0
opensuse/leap: 15.1
samba/samba: 4.0.0 - 4.9.18
Published: Jan 21, 2020
Tracked Since: Feb 18, 2026