SB2019121078 - Improperly implemented security feature in samba (Alpine package)
Published: December 10, 2019
Security Bulletin ID
SB2019121078
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improperly implemented security feature (CVE-ID: CVE-2019-14870)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction ("delegation_not_allowed" user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.
Remediation
Install update from vendor's website.