Use of Obsolete Function in samba (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-14833 |
| CWE-ID | CWE-477 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
samba (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of Obsolete Function
EUVDB-ID: #VU22330
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14833
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented password policy.
The vulnerability exists due to Samba does not pass the entire user's password when configured to use custom command to verify password complexity, if the password contains multibyte non-ACSII characters. A remote authenticated user can bypass implemented password policy and create weak passwords.
Install update from vendor's website.
Vulnerable software versionssamba (Alpine package): 4.5.4-r0 - 4.8.12-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=2eff8a828fa8e0df24702602a7a3280016efebf3
http://git.alpinelinux.org/aports/commit/?id=4da1ee1a718f0e9dfd6a6e91f9348fa96a58567d
http://git.alpinelinux.org/aports/commit/?id=b8c29bc4a15eb1bcdc0504834b34f45348972ae1
http://git.alpinelinux.org/aports/commit/?id=1a4e1a61106f66fdcf65ec33a37a99cea23db966
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
