Versions Affected : All verisons prior to FreeNAS/TrueNAS 11.2-U8


Description

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with “log level = 3” (or above) then the string obtained from the client, after a failed character conversion, is printed.

Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Workaround

No workaround is available, but dynamically linked binaries are not affected.


Mitigation

  • Upgrade to FreeNAS/TrueNAS 11.2-U8 or later

    CVE-2019-14907 only affects TrueNAS 11.2 users with a non-default (higher than normal) log level. TrueNAS 11.3-RELEASE has Samba 4.10.12, which is not vulnerable to CVE-2019-14907

Commit

Further information