Crash after failed character conversion (CVE-2019-14907)


Mar 10, 2023

Crash after failed character conversion at log level 3 and above (CVE-2019-14907)

Summary

This vulnerability applies only to functionality used when the system is acting as an Active Directory domain controller. No Buffalo NAS products use this functionality, so no Buffalo systems are affected by this vulnerability.

Vulnerability ID | Vulnerability Overview
CVE-2019-14907 | All Samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)
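
A defender's check for the two conditions in the overview above, as an added example (not Buffalo's or Samba's code): it compares a Samba version against the fixed releases listed and reads the log level and server role from the [global] section of an smb.conf. The sample configuration is constructed, and counting per-class levels toward the threshold is a conservative assumption that goes beyond the plain "log level = 3" case in the text.

```python
import re

# First fixed release per affected branch, as listed in the advisory.
FIXED = {(4, 9): 18, (4, 10): 12, (4, 11): 5}

# Constructed sample configuration (not from any real system).
SAMPLE_CONF = """
[global]
    server role = active directory domain controller
    Log Level = 1 auth:5
[share]
    path = /srv/share
"""

def version_affected(version):
    """True if the version falls in a listed range; unlisted branches give False."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    return fixed is not None and patch < fixed

def parse_global(conf_text):
    """[global] parameters; names lower-cased, spaces dropped (smb.conf ignores both)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def max_log_level(params):
    """Highest level set; per-class entries ('auth:5') count too (assumption)."""
    value = params.get("loglevel", params.get("debuglevel", "0"))
    tokens = (t.split("@", 1)[0].rsplit(":", 1)[-1] for t in value.split())
    return max((int(t) for t in tokens if t.isdigit()), default=0)

def assess(version, conf_text):
    params = parse_global(conf_text)
    level = max_log_level(params)
    role = params.get("serverrole", "").lower()
    return {"exposed": version_affected(version) and level >= 3, "log_level": level,
            "ad_dc": role == "active directory domain controller"}

if __name__ == "__main__":
    print(assess("4.10.11", SAMPLE_CONF))
```
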

Affected Supported TeraStations

None


Date | Description
3/10/2022 | Initial release