CVE-2019-14902

Priority
Description
There is an issue in all samba 4.11.x versions before 4.11.5, all samba
4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18,
where the removal of the right to create or modify a subtree would not
automatically be taken away on all domain controllers.
Assigned-to
mdeslaur
Notes
mdeslaurdifficult and risky backport to 4.3 in xenial. Workaround:
Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will
cause all ACLs to be syncronised from DC2 to DC1, for the given
NC (naming context)
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.11.5,4.10.12)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):released (2:4.7.6+dfsg~ubuntu-0ubuntu2.15)
Ubuntu 19.10 (Eoan Ermine):released (2:4.10.7+dfsg-0ubuntu2.4)
Ubuntu 20.04 (Focal Fossa):needed
More Information

Updated: 2020-02-05 03:14:41 UTC (commit 33eecc947e5a5d8011f73d8a56dd2486b44db0fd)