CVE-2019-3880

Published: Apr 9, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Affected (10)

Products: Samba: Samba · Debian: Debian Linux · Redhat: Enterprise Linux, Gluster Storage · +2 more

Show all products

Samba: Samba · Debian: Debian Linux · Redhat: Enterprise Linux, Gluster Storage · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

2 products

Enterprise Linux

Gluster Storage

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	From 3.2.0 to 4.8.11
Samba Samba	From 4.10.0 to 4.10.2
Samba Samba	From 4.9.0 to 4.9.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Gluster Storage	Version 3.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 28
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.3

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (31)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1966

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1967

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2099

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3582

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880

Source: secalert@redhat.com

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20190411-0004/

Source: secalert@redhat.com

Third Party Advisory

https://support.f5.com/csp/article/K20804356

Source: secalert@redhat.com

Third Party Advisory

https://www.samba.org/samba/security/CVE-2019-3880.html

Source: secalert@redhat.com

MitigationPatchVendor Advisory

https://www.synology.com/security/advisory/Synology_SA_19_15

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/cve-2019-3880

Source: nvd@nist.gov

MitigationThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1966

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1967

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2099

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3582

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20190411-0004/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.f5.com/csp/article/K20804356

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.samba.org/samba/security/CVE-2019-3880.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

https://www.synology.com/security/advisory/Synology_SA_19_15

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.