CVE-2019-14902
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 3.5%
Description
There is an issue in all Samba 4.11.x versions before 4.11.5, all Samba 4.10.x versions before 4.10.12 and all Samba 4.9.x versions before 4.9.18, where removing the right to create or modify a subtree did not automatically take effect on all domain controllers.
How to fix CVE-2019-14902
To remediate CVE-2019-14902, upgrade the affected package to one of the fixed versions listed below.
- Alpine/samba—upgrade to 4.10.12-r0 or later
- —upgrade to 2:4.11.5+dfsg-1 or later
Is CVE-2019-14902 being exploited?
Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.10.12-r0
- from 0, < 2:4.11.5+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |