PT-2019-4621 · Samba+5 · Samba+5

Published

2019-04-08

·

Updated

2024-06-15

·

CVE-2019-3880

CVSS v2.0

5.5

Medium

VectorAV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions Samba versions prior to 4.8.11 Samba versions prior to 4.9.6 Samba versions prior to 4.10.2
Description A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. This issue allows an unprivileged attacker to create a new registry hive file anywhere they have Unix permissions, potentially leading to the creation of a new file in the Samba share. The vulnerability is related to a path traversal issue, enabling attackers to write or detect files outside the Samba share, which could impact data integrity and confidentiality.
Recommendations For versions prior to 4.8.11, update to version 4.8.11 or later. For versions prior to 4.9.6, update to version 4.9.6 or later. For versions prior to 4.10.2, update to version 4.10.2 or later.

Fix

DoS

XSS

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-22

Related Identifiers

ALT-PU-2019-1638
BDU:2020-00765
BDU:2020-00766
CESA-2019_2099
CESA-2019_3582
CVE-2019-3880
DLA-1754-1
DSA-4427-1
ECHO-5D38-846C-F790
OPENSUSE-SU-2019:1180-1
OPENSUSE-SU-2019_1180-1
OPENSUSE-SU-2019_1292-1
OPENSUSE-SU-2024:11365-1
RHSA-2019:1966
RHSA-2019:1967
RHSA-2019:2099
RHSA-2019:3582
RHSA-2019_2099
RHSA-2019_3582
SUSE-SU-2019:1037-1
SUSE-SU-2019:1040-1
SUSE-SU-2019:1194-1
SUSE-SU-2019:1195-1
SUSE-SU-2019:1203-1
SUSE-SU-2019:14042-1
SUSE-SU-2019_1037-1
SUSE-SU-2019_1040-1
SUSE-SU-2019_1194-1
SUSE-SU-2019_1195-1
SUSE-SU-2019_1203-1
SUSE-SU-2019_14042-1
USN-3939-1
USN-3939-2

Affected Products

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu