PT-2020-5804 · Samba+5
Published 2020-01-21 · Updated 2025-01-14 · CVE-2019-14907
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Samba versions 4.9.x through 4.9.17
Samba versions 4.10.x through 4.10.11
Samba versions 4.11.x through 4.11.4
Description:
When the log level is set to 3 or above, a string obtained from the client is printed after a failed character conversion. This can occur during the NTLMSSP authentication exchange. In the Samba AD DC, this may cause a long-lived process, such as the RPC server, to terminate. In the file server case, the most likely target, smbd, operates as process-per-client, and a crash there is generally harmless.
Recommendations:
For Samba versions 4.9.x through 4.9.17, update to version 4.9.18 or later to resolve the issue.
For Samba versions 4.10.x through 4.10.11, update to version 4.10.12 or later to resolve the issue.
For Samba versions 4.11.x through 4.11.4, update to version 4.11.5 or later to resolve the issue.
As a temporary workaround, consider setting the log level to a value below 3 to minimize the risk of exploitation.
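The version ranges and the log-level workaround above can be checked together; the following is an added example, not code from the advisory or from the Samba project. The function names and the sample smb.conf are constructed for illustration, and only the configuration text passed in is examined (included files and a debug level given on the command line are not).

```python
import re

# Fixed release per branch, from the recommendations above.
FIXED = {(4, 9): 18, (4, 10): 12, (4, 11): 5}

def version_affected(version):
    """True/False for the branches listed above, None for any other branch."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return None if fixed is None else patch < fixed

def max_log_level(conf_text):
    """Highest level set by 'log level' or its synonym 'debuglevel',
    counting per-class values such as 'auth:5'. Unset means 0 (Samba default)."""
    highest = 0
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and embedded spaces
        if key.replace(" ", "").lower() not in ("loglevel", "debuglevel"):
            continue
        for token in value.split():
            level = token.split(":", 1)[-1].split("@", 1)[0]
            if level.isdigit():
                highest = max(highest, int(level))  # conservative: keep the maximum seen
    return highest

def assess(version, conf_text):
    affected = version_affected(version)
    if affected is None:
        return "branch not listed in this advisory"
    if not affected:
        return "fixed release"
    if max_log_level(conf_text) >= 3:
        return "affected, log level >= 3: upgrade or lower log level"
    return "affected, log level < 3 (workaround in place): upgrade"

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """
[global]
    workgroup = EXAMPLE
    log level = 1 auth:5
"""

if __name__ == "__main__":
    print(assess("Version 4.10.11", SAMPLE_CONF))
```

Distribution packages often backport fixes without changing the upstream version number, so confirm the result against the vendor's own advisory for the installed package.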
Fix
DoS
Out of bounds Read
Affected Products
ALT Linux
CentOS
Red Hat
Samba
SUSE
Ubuntu