// For flags

CVE-2019-3880

samba: save registry file outside share as unprivileged user

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este defecto para crear un nuevo archivo de registro hive en cualquier lugar que tenga permisos Unix, lo que podría llevar a la creación de un nuevo archivo en el recurso compartido de Samba. Las versiones anteriores a la 4.8.11, 4.9.6 y 4.10.2 son vulnerables.

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-04-08 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (18)
URL Tag Source
https://access.redhat.com/security/cve/cve-2019-3880 Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880 Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html Mailing List
https://security.netapp.com/advisory/ntap-20190411-0004 Third Party Advisory
https://support.f5.com/csp/article/K20804356 Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_15 Third Party Advisory
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html 2023-11-07
https://www.samba.org/samba/security/CVE-2019-3880.html 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html 2023-11-07
https://access.redhat.com/errata/RHSA-2019:1966 2023-11-07
https://access.redhat.com/errata/RHSA-2019:1967 2023-11-07
https://access.redhat.com/errata/RHSA-2019:2099 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3582 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA 2023-11-07
https://access.redhat.com/security/cve/CVE-2019-3880 2019-11-05
https://bugzilla.redhat.com/show_bug.cgi?id=1691518 2019-11-05
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 3.2.0 < 4.8.11
Search vendor "Samba" for product "Samba" and version " >= 3.2.0 < 4.8.11"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 4.9.0 < 4.9.6
Search vendor "Samba" for product "Samba" and version " >= 4.9.0 < 4.9.6"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 4.10.0 < 4.10.2
Search vendor "Samba" for product "Samba" and version " >= 4.10.0 < 4.10.2"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Gluster Storage
Search vendor "Redhat" for product "Gluster Storage"
 3.0
Search vendor "Redhat" for product "Gluster Storage" and version "3.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 28
Search vendor "Fedoraproject" for product "Fedora" and version "28"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 29
Search vendor "Fedoraproject" for product "Fedora" and version "29"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 42.3
Search vendor "Opensuse" for product "Leap" and version "42.3"
-
Affected