CVE-2019-3880
samba: save registry file outside share as unprivileged user
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este defecto para crear un nuevo archivo de registro hive en cualquier lugar que tenga permisos Unix, lo que podría llevar a la creación de un nuevo archivo en el recurso compartido de Samba. Las versiones anteriores a la 4.8.11, 4.9.6 y 4.10.2 son vulnerables.
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-04-08 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/security/cve/cve-2019-3880 | Mitigation | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20190411-0004 | Third Party Advisory | |
https://support.f5.com/csp/article/K20804356 | Third Party Advisory | |
https://www.synology.com/security/advisory/Synology_SA_19_15 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html | 2023-11-07 | |
https://www.samba.org/samba/security/CVE-2019-3880.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 3.2.0 < 4.8.11 Search vendor "Samba" for product "Samba" and version " >= 3.2.0 < 4.8.11" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.9.0 < 4.9.6 Search vendor "Samba" for product "Samba" and version " >= 4.9.0 < 4.9.6" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.10.0 < 4.10.2 Search vendor "Samba" for product "Samba" and version " >= 4.10.0 < 4.10.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Gluster Storage Search vendor "Redhat" for product "Gluster Storage" | 3.0 Search vendor "Redhat" for product "Gluster Storage" and version "3.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 28 Search vendor "Fedoraproject" for product "Fedora" and version "28" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.3 Search vendor "Opensuse" for product "Leap" and version "42.3" | - |
Affected
|