CVE-2019-3870

Name of the Vulnerable Software and Affected Versions Samba versions 4.9 through 4.9.5 Samba versions 4.10.0 through 4.10.1

Description A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the install location with world-writable permissions, including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update. This issue is associated with errors in access control. Exploitation of this vulnerability may allow an attacker to compromise data integrity and cause a denial of service.

Recommendations For Samba versions 4.9 through 4.9.5, update to version 4.9.6 or later. For Samba versions 4.10.0 through 4.10.1, update to version 4.10.2 or later. As a temporary workaround, consider changing the permissions of the private subdirectory to mode 0700 to restrict access until a patch is applied. Restrict access to the world-writable files in the private directory to minimize the risk of exploitation.