Samba issues patches for three vulnerabilities


Samba released security updates patching three issues: CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344.

The patch for the medium-rated CVE-2019-14902 fixes a problem where a newly delegated right, but more importantly the removal of a previously delegated right, would not be inherited on any domain controller other than the one where the change was made. This means that if a user had been delegated the right to make alterations to a subtree, such as changing passwords, and that right was then rescinded, it would not automatically be taken away on all domain controllers.

The patch fixes this issue, but Samba noted, “it is vital that a full-sync be done TO each Domain Controller to ensure each ACL (ntSecurityDescriptor) is re-calculated on the whole set of DCs.”

CVE-2019-14907, rated medium, can cause a crash after a failed character conversion at log level three or higher, affecting Samba 4.0 and later. In the Samba Active Directory Domain Controller this may cause a long-lived process to terminate.

The final issue, CVE-2019-19344, covers a use-after-free issue during DNS zone scavenging in the Samba Active Directory Domain Controller in versions 4.9 and later. When Samba 4.9 was rolled out it contained an off-by-default feature to tombstone dynamically created DNS records that had reached their expiration point. There is a use-after-free issue in this code that, if the proper conditions exist, can save the memory that was read into the database.

Patches for all three issues have been posted.
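As an added example (not Samba's code and not part of the original article), this Python script checks an smb.conf for the two configuration conditions described above: a log level of three or higher (CVE-2019-14907) and DNS zone scavenging switched on (CVE-2019-19344). `log level`, its synonym `debuglevel`, and `dns zone scavenging` are real smb.conf parameters; the sample file, the function names, and the conservative choice to use the highest per-class level are assumptions made here, and the script reports configuration only, not patch level.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_SMB_CONF = """\
[global]
    server role = active directory domain controller
    Log Level = 1 auth:5 dns:3
    ; dns zone scavenging = no
    dns zone scavenging = Yes
[netlogon]
    path = /var/lib/samba/sysvol/example.test/scripts
"""

def global_params(text):
    """Return {name: value} for [global]; names lowercased, spaces removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def max_log_level(value):
    """Highest level in a value such as '3 passdb:5 auth:10'."""
    levels = []
    for token in re.split(r"[\s,]+", value.strip()):
        number = token.split("@", 1)[0].rsplit(":", 1)[-1]  # drop any @file suffix
        if number.isdigit():
            levels.append(int(number))
    return max(levels, default=0)

def exposure(text):
    """Report which of the article's two config conditions hold."""
    p = global_params(text)
    level = max_log_level(p.get("loglevel", p.get("debuglevel", "0")))
    scavenging = p.get("dnszonescavenging", "no").lower() in TRUE_VALUES
    return {"max_log_level": level,
            "CVE-2019-14907": level >= 3,      # crash path needs log level >= 3
            "CVE-2019-19344": scavenging}      # feature is off by default

if __name__ == "__main__":
    for key, value in exposure(SAMPLE_SMB_CONF).items():
        print(f"{key}: {value}")
```

Running it over the output of `testparm -s` rather than the raw file also picks up settings pulled in from included files.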
