As per upstream advisory: If samba is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Acknowledgments: Name: the Samba project Upstream: Robert Święcki
Mitigation: Do not set a log level of 3 or above in production.
External References: https://www.samba.org/samba/security/CVE-2019-14907.html
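A configuration check for the mitigation above, as an added example that is not part of the advisory or of the Samba project's code: it parses an smb.conf and reports every debug class set to level 3 or higher. The sample configuration is constructed, and treating any per-class level of 3 or more as a finding is a conservative assumption.

```python
import re

# Constructed sample smb.conf, not taken from any real host.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; log level = 10
    Log Level = 1 auth:5 \\
        winbind:2
[share]
    path = /srv/share
"""

THRESHOLD = 3  # the advisory's mitigation: stay below log level 3


def logical_lines(text):
    """Yield smb.conf lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def risky_log_levels(text, threshold=THRESHOLD):
    """Return [(debug_class, level)] for each class set at or above threshold."""
    findings = []
    for line in logical_lines(text):
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or section header
        name, value = line.split("=", 1)
        # Names are compared case-insensitively with whitespace ignored;
        # "debuglevel" is the documented synonym of "log level".
        if re.sub(r"\s+", "", name).lower() not in ("loglevel", "debuglevel"):
            continue
        for token in value.split():
            token = token.split("@", 1)[0]  # drop optional per-class log file
            cls, _, lvl = token.rpartition(":")
            if lvl.isdigit() and int(lvl) >= threshold:
                findings.append((cls or "all", int(lvl)))
    return findings
```

The check reads a single file only: `include` directives and debug levels changed at run time are not covered.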
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1793407]
This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 7 Via RHSA-2020:0943 https://access.redhat.com/errata/RHSA-2020:0943
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14907
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1878 https://access.redhat.com/errata/RHSA-2020:1878
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3981 https://access.redhat.com/errata/RHSA-2020:3981