CVE-2019-17455

high-risk

Published 2019-10-10

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

Do I need to act?

7.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (11)

Libntlm

Debian Linux

Ubuntu Linux

Fedora

Backports Sle

Leap

Affected Vendors

Debian Canonical Fedoraproject Opensuse Nongnu

References (20)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html

Exploit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145

Exploit https://gitlab.com/jas/libntlm/issues/2

Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html

Mailing List https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17455.html

Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2019-17455