Alpine: samba: security update to 4.10.10-r0

medium Tenable Cloud Security Plugin ID 407048

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a
malicious server can supply a pathname to the client with separators. This could allow the client to
access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to
create files outside of the current working directory using the privileges of the client user.
(CVE-2019-10218)

- A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba
4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active
Directory Domain Controller can be configured to use a custom script to check for password complexity.
This configuration can fail to verify password complexity when non-ASCII characters are used in the
password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary
attacks. (CVE-2019-14833)

- A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash
AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with
this issue. (CVE-2019-14847)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-10218

https://security.alpinelinux.org/vuln/CVE-2019-14833

https://security.alpinelinux.org/vuln/CVE-2019-14847

Plugin Details

Severity: Medium

ID: 407048

Version: Revision 1.24

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2019-14833

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-10218

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/29/2019

Reference Information

CVE: CVE-2019-10218, CVE-2019-14833, CVE-2019-14847

IAVA: 2019-A-0407-S