Impact: Moderate Public Date: 2019-04-09 CWE: CWE-22 Bugzilla: 1691518: CVE-2019-3880 samba: save registry file outside share as unprivileged user A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.
Find out more about CVE-2019-3880 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the version of samba shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 4.2 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | Low |
| Availability Impact | Low |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected |
| Red Hat Gluster Storage 3 | samba | Affected |
| Red Hat Enterprise Linux 7 | samba | Affected |
| Red Hat Enterprise Linux 6 | samba4 | Will not fix |
| Red Hat Enterprise Linux 6 | samba | Will not fix |
| Red Hat Enterprise Linux 5 | samba | Will not fix |
Either turn off SMB1 by setting the global parameter:
'min protocol = SMB2'
or if SMB1 is required turn off unix extensions by setting the global parameter:
'unix extensions = no'
in the smb.conf file.
Vulmon