Vulnerability CVE-2019-3880


Published: 2019-04-09

Description:
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Redhat
Product: Enterprise linux 
Version: 7.0;
Vendor: Opensuse
Product: LEAP 
Version: 42.3;
Vendor: Samba
Product: Samba 
Version:
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.9
4.8.8
4.8.7
4.8.6
4.8.5
4.8.4
4.8.3
4.8.2
4.8.1
4.8.0
4.7.9
4.7.8
4.7.7
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.12
4.7.11
4.7.10
4.7.1
4.7.0
4.6.9
4.6.8
4.6.7
4.6.6
4.6.5
4.6.4
4.6.3
4.6.2
4.6.16
4.6.15
4.6.14
4.6.13
4.6.12
4.6.11
4.6.10
4.6.1
4.6.0
4.5.9
4.5.8
4.5.7
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.16
4.5.15
4.5.14
4.5.13
4.5.12
4.5.11
4.5.10
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.16
4.4.15
4.4.14
4.4.13
4.4.12
4.4.11
4.4.10
4.4.1
4.4.0
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.13
4.3.12
4.3.11
4.3.10
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.5/10
4.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html
https://access.redhat.com/security/cve/cve-2019-3880
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
https://security.netapp.com/advisory/ntap-20190411-0004/
https://support.f5.com/csp/article/K20804356
https://www.samba.org/samba/security/CVE-2019-3880.html
https://www.synology.com/security/advisory/Synology_SA_19_15

Related CVE
CVE-2018-16860
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept th...
CVE-2019-12436
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
CVE-2019-12435
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
CVE-2019-3870
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700,...
CVE-2019-3824
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of ...
CVE-2018-16857
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this...
CVE-2018-16853
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samb...
CVE-2018-16852
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZO...

Copyright 2019, cxsecurity.com

 

Back to Top