All the vulnerabilites related to The Samba Project - samba
cve-2019-3880
Vulnerability from cvelistv5
Published
2019-04-09 15:18
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
The Samba Project | samba |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-3880.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880" }, { "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" }, { "name": "openSUSE-SU-2019:1180", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190411-0004/" }, { "name": "FEDORA-2019-cacf88eabf", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "name": "FEDORA-2019-db21b5f1d2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "name": "openSUSE-SU-2019:1292", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html" }, { "name": "FEDORA-2019-019c5314a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K20804356" }, { "name": "RHSA-2019:1966", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1966" }, { "name": "RHSA-2019:1967", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1967" }, { "name": "RHSA-2019:2099", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2099" }, { "name": "RHSA-2019:3582", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3582" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "The Samba Project", "versions": [ { "status": "affected", "version": "4.8.11" }, { "status": "affected", "version": "4.9.6" }, { "status": "affected", "version": "4.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-06T00:07:56", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.samba.org/samba/security/CVE-2019-3880.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880" }, { "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" }, { "name": "openSUSE-SU-2019:1180", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190411-0004/" }, { "name": "FEDORA-2019-cacf88eabf", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "name": "FEDORA-2019-db21b5f1d2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "name": "openSUSE-SU-2019:1292", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html" }, { "name": "FEDORA-2019-019c5314a0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K20804356" }, { "name": "RHSA-2019:1966", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1966" }, { "name": "RHSA-2019:1967", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1967" }, { "name": "RHSA-2019:2099", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2099" }, { "name": "RHSA-2019:3582", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3582" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "samba", "version": { "version_data": [ { "version_value": "4.8.11" }, { "version_value": "4.9.6" }, { "version_value": "4.10.2" } ] } } ] }, "vendor_name": "The Samba Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.samba.org/samba/security/CVE-2019-3880.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2019-3880.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880" }, { "name": "[debian-lts-announce] 20190409 [SECURITY] [DLA 1754-1] samba security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" }, { "name": "openSUSE-SU-2019:1180", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190411-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190411-0004/" }, { "name": "FEDORA-2019-cacf88eabf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_15", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "name": "FEDORA-2019-db21b5f1d2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "name": "openSUSE-SU-2019:1292", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html" }, { "name": "FEDORA-2019-019c5314a0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/" }, { "name": "https://support.f5.com/csp/article/K20804356", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K20804356" }, { "name": "RHSA-2019:1966", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1966" }, { "name": "RHSA-2019:1967", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1967" }, { "name": "RHSA-2019:2099", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2099" }, { "name": "RHSA-2019:3582", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3582" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3880", "datePublished": "2019-04-09T15:18:08", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3870
Vulnerability from cvelistv5
Published
2019-04-09 15:17
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
References
▼ | URL | Tags |
---|---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ | vendor-advisory, x_refsource_FEDORA | |
https://www.samba.org/samba/security/CVE-2019-3870.html | x_refsource_MISC | |
https://bugzilla.samba.org/show_bug.cgi?id=13834 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 | x_refsource_CONFIRM | |
https://www.synology.com/security/advisory/Synology_SA_19_15 | x_refsource_CONFIRM | |
https://support.f5.com/csp/article/K20804356 | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Samba Project | samba |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:19:18.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2019-cacf88eabf", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "name": "FEDORA-2019-db21b5f1d2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2019-3870.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K20804356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "samba", "vendor": "The Samba Project", "versions": [ { "status": "affected", "version": "4.9.6" }, { "status": "affected", "version": "4.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-04T18:00:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2019-cacf88eabf", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "name": "FEDORA-2019-db21b5f1d2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.samba.org/samba/security/CVE-2019-3870.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K20804356" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "samba", "version": { "version_data": [ { "version_value": "4.9.6" }, { "version_value": "4.10.2" } ] } } ] }, "vendor_name": "The Samba Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update." } ] }, "impact": { "cvss": [ [ { "vectorString": "6.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-276" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2019-cacf88eabf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "name": "FEDORA-2019-db21b5f1d2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "name": "https://www.samba.org/samba/security/CVE-2019-3870.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2019-3870.html" }, { "name": "https://bugzilla.samba.org/show_bug.cgi?id=13834", "refsource": "MISC", "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_15", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_15" }, { "name": "https://support.f5.com/csp/article/K20804356", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K20804356" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3870", "datePublished": "2019-04-09T15:17:43", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }