PT-2019-5666 · Samba+5

Michael Hanselmann +1 · Published 2019-10-29 · Updated 2024-06-15 · CVE-2019-10218

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

samba versions prior to 4.11.2
samba versions prior to 4.10.10
samba versions prior to 4.9.15

Description

A flaw was found in the samba client where a malicious server can supply a pathname containing separators to the client, allowing the client to access files and folders outside of the SMB network pathnames. This could enable an attacker to create files outside of the current working directory using the privileges of the client user. The issue is due to improper restriction of a pathname to a restricted directory.

Recommendations

For samba versions prior to 4.11.2, update to version 4.11.2 or later.
For samba versions prior to 4.10.10, update to version 4.10.10 or later.
For samba versions prior to 4.9.15, update to version 4.9.15 or later.

Fix

DoS

Path traversal


Weakness Enumeration

Related Identifiers

ALT-PU-2019-3063
ALT-PU-2019-3067
BDU:2020-04881
CESA-2020_1084
CESA-2020_1878
CVE-2019-10218
DLA-2668-1
DLA-3563-1
ECHO-5BF5-38E9-DA43
MGASA-2019-0397
OPENSUSE-SU-2019:2442-1
OPENSUSE-SU-2019:2458-1
OPENSUSE-SU-2019_2442-1
OPENSUSE-SU-2019_2458-1
OPENSUSE-SU-2024:11365-1
RHSA-2020:0943
RHSA-2020:1084
RHSA-2020:1878
RHSA-2020_1084
RHSA-2020_1878
SUSE-SU-2019:14202-1
SUSE-SU-2019:2866-1
SUSE-SU-2019:2868-1
SUSE-SU-2019:2875-1
SUSE-SU-2019:2890-1
SUSE-SU-2019:2893-1
SUSE-SU-2019_14202-1
SUSE-SU-2019_2875-1
SUSE-SU-2019_2890-1
SUSE-SU-2019_2893-1
SUSE-SU-2020:2673-1
USN-4167-1
USN-4167-2

Affected Products

Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu