PT-2019-4621 · Samba+5 · Samba+5

Publicado

2019-04-08

·

Atualizado

2024-06-15

·

CVE-2019-3880

CVSS v2.0

5.5

Média

VetorAV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.8.11 Samba versions prior to 4.9.6 Samba versions prior to 4.10.2
Description A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. This issue allows an unprivileged attacker to create a new registry hive file anywhere they have Unix permissions, potentially leading to the creation of a new file in the Samba share. The vulnerability is related to a path traversal issue, enabling attackers to write or detect files outside the Samba share, which could impact data integrity and confidentiality.
Recommendations For versions prior to 4.8.11, update to version 4.8.11 or later. For versions prior to 4.9.6, update to version 4.9.6 or later. For versions prior to 4.10.2, update to version 4.10.2 or later.

Correção

DoS

XSS

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-22

Identificadores relacionados

ALT-PU-2019-1638
BDU:2020-00765
BDU:2020-00766
CESA-2019_2099
CESA-2019_3582
CVE-2019-3880
DLA-1754-1
DSA-4427-1
ECHO-5D38-846C-F790
OPENSUSE-SU-2019:1180-1
OPENSUSE-SU-2019_1180-1
OPENSUSE-SU-2019_1292-1
OPENSUSE-SU-2024:11365-1
RHSA-2019:1966
RHSA-2019:1967
RHSA-2019:2099
RHSA-2019:3582
RHSA-2019_2099
RHSA-2019_3582
SUSE-SU-2019:1037-1
SUSE-SU-2019:1040-1
SUSE-SU-2019:1194-1
SUSE-SU-2019:1195-1
SUSE-SU-2019:1203-1
SUSE-SU-2019:14042-1
SUSE-SU-2019_1037-1
SUSE-SU-2019_1040-1
SUSE-SU-2019_1194-1
SUSE-SU-2019_1195-1
SUSE-SU-2019_1203-1
SUSE-SU-2019_14042-1
USN-3939-1
USN-3939-2

Produtos afetados

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu