PT-2019-5666 · Samba+5 · Samba+5

Michael Hanselmann

+1

·

Publicado

2019-10-29

·

Atualizado

2024-06-15

·

CVE-2019-10218

CVSS v2.0

7.1

Alta

VetorAV:N/AC:M/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions samba versions prior to 4.11.2 samba versions prior to 4.10.10 samba versions prior to 4.9.15
Description A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators, allowing the client to access files and folders outside of the SMB network pathnames. This could enable an attacker to create files outside of the current working directory using the privileges of the client user. The issue is due to incorrect restriction of the directory path name with limited access.
Recommendations For samba versions prior to 4.11.2, update to version 4.11.2 or later. For samba versions prior to 4.10.10, update to version 4.10.10 or later. For samba versions prior to 4.9.15, update to version 4.9.15 or later.

Correção

DoS

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALT-PU-2019-3063
ALT-PU-2019-3067
BDU:2020-04881
CESA-2020_1084
CESA-2020_1878
CVE-2019-10218
DLA-2668-1
DLA-3563-1
ECHO-5BF5-38E9-DA43
MGASA-2019-0397
OPENSUSE-SU-2019:2442-1
OPENSUSE-SU-2019:2458-1
OPENSUSE-SU-2019_2442-1
OPENSUSE-SU-2019_2458-1
OPENSUSE-SU-2024:11365-1
RHSA-2020:0943
RHSA-2020:1084
RHSA-2020:1878
RHSA-2020_1084
RHSA-2020_1878
SUSE-SU-2019:14202-1
SUSE-SU-2019:2866-1
SUSE-SU-2019:2868-1
SUSE-SU-2019:2875-1
SUSE-SU-2019:2890-1
SUSE-SU-2019:2893-1
SUSE-SU-2019_14202-1
SUSE-SU-2019_2875-1
SUSE-SU-2019_2890-1
SUSE-SU-2019_2893-1
SUSE-SU-2020:2673-1
USN-4167-1
USN-4167-2

Produtos afetados

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu