CVE-2019-3880

Published: 09/04/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have Unix permissions, which could lead to creation of a new file in the Samba share. Versions prior to 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Vulnerable Product

samba samba

debian debian linux 8.0

redhat enterprise linux 7.0

redhat gluster storage 3.0

fedoraproject fedora 28

fedoraproject fedora 29

fedoraproject fedora 30

opensuse leap 42.3

Vendor Advisories

Samba could be made to create files in unexpected locations ...
Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and login server for Unix, was vulnerable to a symlink traversal attack. It would allow remote authenticated users with write permission to either write or detect files outside of Samba shares. For the stable distribution (stretch), this problem has been fixed in version 2:4516+dfs ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: samba security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba packages that fix one security issue and provide several bug fixes and enhancements are now available for Red Hat Gluster Storage 34 for Red Hat Enterprise Linux 7. Red Hat Product ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: samba security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba packages that fix one security issue and provide several bug fixes and enhancements are now available for Red Hat Gluster Storage 34 for Red Hat Enterprise Linux 6. Red Hat Product ...
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share (CVE-2019-3880) ...
Impact: Moderate Public Date: 2019-04-09 CWE: CWE-22 Bugzilla: 1691518: CVE-2019-3880 samba: save regis ...