ID CVE-2019-3870 Type cve Reporter cve@mitre.org Modified 2019-05-27T08:29:00
Description
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
{"id": "CVE-2019-3870", "bulletinFamily": "NVD", "title": "CVE-2019-3870", "description": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.", "published": "2019-04-09T16:29:00", "modified": "2019-05-27T08:29:00", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3870", "reporter": "cve@mitre.org", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870", "https://www.samba.org/samba/security/CVE-2019-3870.html", "https://support.f5.com/csp/article/K20804356", "https://www.synology.com/security/advisory/Synology_SA_19_15", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/", "https://bugzilla.samba.org/show_bug.cgi?id=13834"], "cvelist": ["CVE-2019-3870"], "type": "cve", "lastseen": "2019-06-20T11:03:01", "history": [{"bulletin": {"affectedSoftware": [{"name": "samba samba", "operator": "eq", "version": "4.10.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.3"}, {"name": "samba samba", "operator": "eq", "version": "4.9.5"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "30"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "29"}, {"name": "samba samba", "operator": "eq", "version": "4.9.1"}, {"name": "samba samba", "operator": "eq", "version": "4.9.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.4"}, {"name": "samba samba", "operator": "eq", "version": "4.9.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:samba:samba:4.9.2", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:fedoraproject:fedora:29", "cpe:/a:samba:samba:4.9.5", "cpe:/a:samba:samba:4.9.1", "cpe:/a:samba:samba:4.9.0", "cpe:/a:samba:samba:4.9.4", "cpe:/a:samba:samba:4.10.0", "cpe:/a:samba:samba:4.9.3", "cpe:/a:fedoraproject:fedora:30"], "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "cvelist": ["CVE-2019-3870"], "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, "cwe": ["CWE-275"], "description": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-06-15T11:04:14", "references": [{"idList": ["OPENVAS:1361412562310876380", "OPENVAS:1361412562310875625", "OPENVAS:1361412562310142392"], "type": "openvas"}, {"idList": ["SAMBA:CVE-2019-3870"], "type": "samba"}, {"idList": ["F5:K20804356"], "type": "f5"}]}, "score": {"modified": "2019-06-15T11:04:14", "value": 3.4, "vector": "NONE"}}, "hash": "2e1acec83c223be5fdf9afd01c0e3a0b508accdd7fc96ef2ca7a81e74eeec2d7", "hashmap": [{"hash": "56497eece020fb9b55d43abfe0858285", "key": "references"}, {"hash": "9ef66131a802226be1908e9e0fd62539", "key": "cvelist"}, {"hash": "33065683da8f365c1dc4870397781a1a", "key": "description"}, {"hash": "02d4c4df2da8d4dc5d2f0cbb74f008ea", "key": "cvss"}, {"hash": "2d82a6db0a12365236d570942050b130", "key": "affectedSoftware"}, {"hash": "5233ff6c5ddd2225d988df49e0445050", "key": "title"}, {"hash": "bbf8b2e0a5854fafea5b1d8ddae71b17", "key": "modified"}, {"hash": "8d43bffc88a813393180ea7387281547", "key": "cpe23"}, {"hash": "33e24103cf750002858617c8cdbdcc03", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "45dca75a725febe60f4a06ebef9b04a5", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "65a223c4d0ed7527c9a9c72e40a42d91", "key": "cpe"}, {"hash": "57d1c384a3bb1be55ee044a623d9e041", "key": "cvss2"}, {"hash": "16c32547962647a803c372eb1f792506", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "674581bc3d63992fcfe0179e19145db2", "key": "cwe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3870", "id": "CVE-2019-3870", "lastseen": "2019-06-15T11:04:14", "modified": "2019-05-27T08:29:00", "objectVersion": "1.3", "published": "2019-04-09T16:29:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870", "https://www.samba.org/samba/security/CVE-2019-3870.html", "https://support.f5.com/csp/article/K20804356", "https://www.synology.com/security/advisory/Synology_SA_19_15", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/", "https://bugzilla.samba.org/show_bug.cgi?id=13834"], "reporter": "cve@mitre.org", "title": "CVE-2019-3870", "type": "cve", "viewCount": 0}, "differentElements": ["cpe", "affectedSoftware"], "edition": 2, "lastseen": "2019-06-15T11:04:14"}, {"bulletin": {"affectedSoftware": [{"name": "samba samba", "operator": "eq", "version": "4.10.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.3"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "30"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "29"}, {"name": "samba samba", "operator": "eq", "version": "4.9.1"}, {"name": "samba samba", "operator": "eq", "version": "4.9.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.4"}, {"name": "samba samba", "operator": "eq", "version": "4.9.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:samba:samba:4.9.2", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:fedoraproject:fedora:29", "cpe:/a:samba:samba:4.9.1", "cpe:/a:samba:samba:4.9.0", "cpe:/a:samba:samba:4.9.4", "cpe:/a:samba:samba:4.10.0", "cpe:/a:samba:samba:4.9.3", "cpe:/a:fedoraproject:fedora:30"], "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "cvelist": ["CVE-2019-3870"], "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, "cwe": ["CWE-275"], "description": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.", "edition": 1, "enchantments": {"score": {"modified": "2019-05-29T18:23:39", "value": 4.8, "vector": "NONE"}}, "hash": "a51e4456debcc0501f98316162e0972c9f14fcc6fc882cda8d61f7f94f994172", "hashmap": [{"hash": "56497eece020fb9b55d43abfe0858285", "key": "references"}, {"hash": "9ef66131a802226be1908e9e0fd62539", "key": "cvelist"}, {"hash": "33065683da8f365c1dc4870397781a1a", "key": "description"}, {"hash": "02d4c4df2da8d4dc5d2f0cbb74f008ea", "key": "cvss"}, {"hash": "5233ff6c5ddd2225d988df49e0445050", "key": "title"}, {"hash": "bbf8b2e0a5854fafea5b1d8ddae71b17", "key": "modified"}, {"hash": "8d43bffc88a813393180ea7387281547", "key": "cpe23"}, {"hash": "33e24103cf750002858617c8cdbdcc03", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "45dca75a725febe60f4a06ebef9b04a5", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "63e406265f19be24a96340f56f3fc5f0", "key": "affectedSoftware"}, {"hash": "4da7967a15ef1afc3ede5bd97e6777c1", "key": "cpe"}, {"hash": "57d1c384a3bb1be55ee044a623d9e041", "key": "cvss2"}, {"hash": "16c32547962647a803c372eb1f792506", "key": "cvss3"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "674581bc3d63992fcfe0179e19145db2", "key": "cwe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3870", "id": "CVE-2019-3870", "lastseen": "2019-05-29T18:23:39", "modified": "2019-05-27T08:29:00", "objectVersion": "1.3", "published": "2019-04-09T16:29:00", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870", "https://www.samba.org/samba/security/CVE-2019-3870.html", "https://support.f5.com/csp/article/K20804356", "https://www.synology.com/security/advisory/Synology_SA_19_15", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/", "https://bugzilla.samba.org/show_bug.cgi?id=13834"], "reporter": "cve@mitre.org", "title": "CVE-2019-3870", "type": "cve", "viewCount": 0}, "differentElements": ["cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:23:39"}], "edition": 3, "hashmap": [{"key": "affectedSoftware", "hash": "b4a8ad660802efe75a691d97b5a19826"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f83ad35b319842dbad2288b1ee3d122b"}, {"key": "cpe23", "hash": "8d43bffc88a813393180ea7387281547"}, {"key": "cvelist", "hash": "9ef66131a802226be1908e9e0fd62539"}, {"key": "cvss", "hash": "02d4c4df2da8d4dc5d2f0cbb74f008ea"}, {"key": "cvss2", "hash": "57d1c384a3bb1be55ee044a623d9e041"}, {"key": "cvss3", "hash": "16c32547962647a803c372eb1f792506"}, {"key": "cwe", "hash": "674581bc3d63992fcfe0179e19145db2"}, {"key": "description", "hash": "33065683da8f365c1dc4870397781a1a"}, {"key": "href", "hash": "33e24103cf750002858617c8cdbdcc03"}, {"key": "modified", "hash": "bbf8b2e0a5854fafea5b1d8ddae71b17"}, {"key": "published", "hash": "45dca75a725febe60f4a06ebef9b04a5"}, {"key": "references", "hash": "56497eece020fb9b55d43abfe0858285"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5233ff6c5ddd2225d988df49e0445050"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d2cfd6eef5ab069a9033cf958659628e76bb93e8391fb119112357bd5bbd4460", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310142392", "OPENVAS:1361412562310876380", "OPENVAS:1361412562310875625"]}, {"type": "f5", "idList": ["F5:K20804356"]}, {"type": "samba", "idList": ["SAMBA:CVE-2019-3870"]}], "modified": "2019-06-20T11:03:01"}, "score": {"value": 3.4, "vector": "NONE", "modified": "2019-06-20T11:03:01"}, "vulnersScore": 3.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:samba:samba:4.9.2", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/a:fedoraproject:fedora:29", "cpe:/a:samba:samba:4.9.5", "cpe:/a:samba:samba:4.9.1", "cpe:/a:samba:samba:4.10.1", "cpe:/a:samba:samba:4.9.0", "cpe:/a:samba:samba:4.9.4", "cpe:/a:samba:samba:4.10.0", "cpe:/a:samba:samba:4.9.3", "cpe:/a:fedoraproject:fedora:30"], "affectedSoftware": [{"name": "samba samba", "operator": "eq", "version": "4.10.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.3"}, {"name": "samba samba", "operator": "eq", "version": "4.9.5"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "30"}, {"name": "fedoraproject fedora", "operator": "eq", "version": "29"}, {"name": "samba samba", "operator": "eq", "version": "4.9.1"}, {"name": "samba samba", "operator": "eq", "version": "4.9.0"}, {"name": "samba samba", "operator": "eq", "version": "4.9.4"}, {"name": "samba samba", "operator": "eq", "version": "4.10.1"}, {"name": "samba samba", "operator": "eq", "version": "4.9.2"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "cwe": ["CWE-275"], "scheme": null}
{"openvas": [{"lastseen": "2019-05-29T18:32:21", "bulletinFamily": "scanner", "description": "Samba is prone to a world writeable files vulnerability.", "modified": "2019-05-09T00:00:00", "published": "2019-05-09T00:00:00", "id": "OPENVAS:1361412562310142392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142392", "title": "Samba World Writable Files Vulnerability (CVE-2019-3870)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:samba:samba';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142392\");\n script_version(\"2019-05-09T14:21:05+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-09 14:21:05 +0000 (Thu, 09 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-09 14:16:29 +0000 (Thu, 09 May 2019)\");\n script_tag(name:\"cvss_base\", value:\"3.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-3870\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Samba World Writable Files Vulnerability (CVE-2019-3870)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"smb_nativelanman.nasl\", \"gb_samba_detect.nasl\");\n script_mandatory_keys(\"samba/smb_or_ssh/detected\");\n\n script_tag(name:\"summary\", value:\"Samba is prone to a world writeable files vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"During the creation of a new Samba AD DC, files are created in a the private/\n subdirectory of our install location. This directory is typically mode 0700, that is owner (root) only access.\n However in some upgraded installations it will have other permissions, such as 0755, because this was the\n default before Samba 4.8.\n\n Within this directory files are created with mode 0666, that is world-writable, including a sample krb5.conf and\n the list of DNS names and servicePrincipalName values to update.\");\n\n script_tag(name:\"affected\", value:\"Samba 4.9 and later.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.6, 4.10.2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security/CVE-2019-3870.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos['version'];\npath = infos['location'];\n\nif (version_in_range(version: version, test_version: \"4.9.0\", test_version2: \"4.9.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.9.6\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"4.10.0\", test_version2: \"4.10.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.10.2\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the\n ", "modified": "2019-05-22T00:00:00", "published": "2019-05-19T00:00:00", "id": "OPENVAS:1361412562310876380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876380", "title": "Fedora Update for samba FEDORA-2019-208cc34d40", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876380\");\n script_version(\"2019-05-22T11:13:26+0000\");\n script_cve_id(\"CVE-2018-16860\", \"CVE-2019-3870\", \"CVE-2019-3880\", \"CVE-2018-14629\",\n \"CVE-2018-16841\", \"CVE-2018-16851\", \"CVE-2018-16852\", \"CVE-2018-16853\",\n \"CVE-2018-16857\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 11:13:26 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-19 02:09:46 +0000 (Sun, 19 May 2019)\");\n script_name(\"Fedora Update for samba FEDORA-2019-208cc34d40\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-208cc34d40\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OM5TYKT3Y2N2WB5QQKKEFQAF752FN3JJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'samba' package(s) announced via the FEDORA-2019-208cc34d40 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samba is the standard Windows interoperability\n suite of programs for Linux and Unix.\");\n\n script_tag(name:\"affected\", value:\"'samba' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.9.8~0.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875625", "title": "Fedora Update for samba FEDORA-2019-db21b5f1d2", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875625\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-3870\", \"CVE-2019-3880\", \"CVE-2018-14629\", \"CVE-2018-16841\", \"CVE-2018-16851\", \"CVE-2018-16852\", \"CVE-2018-16853\", \"CVE-2018-16857\");\n script_tag(name:\"cvss_base\", value:\"5.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:12:28 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for samba FEDORA-2019-db21b5f1d2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-db21b5f1d2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the FEDORA-2019-db21b5f1d2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samba is the standard Windows interoperability suite of programs for Linux and\nUnix.\");\n\n script_tag(name:\"affected\", value:\"'samba' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.9.6~0.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "f5": [{"lastseen": "2019-06-27T08:42:23", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-05-27T09:15:00", "published": "2019-05-27T09:15:00", "id": "F5:K20804356", "href": "https://support.f5.com/csp/article/K20804356", "title": "Samba vulnerabilities CVE-2019-3870 and CVE-2019-3880", "type": "f5", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "samba": [{"lastseen": "2019-05-29T19:19:07", "bulletinFamily": "software", "description": "During the creation of a new Samba AD DC, files are created in a the private/ subdirectory of our install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8.\nWithin this directory files are created with mode 0666, that is world-writable, including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.", "modified": "2019-04-08T00:00:00", "published": "2019-04-08T00:00:00", "id": "SAMBA:CVE-2019-3870", "href": "https://www.samba.org/samba/security/CVE-2019-3870.html", "title": "World writable files in Samba AD DC private/ dir ", "type": "samba", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}]}
