Lucene search

K

[email protected]CVE-2019-3880

HistoryApr 09, 2019 - 4:29 p.m.

CVE-2019-3880

2019-04-0916:29:00

CWE-22

[email protected]

web.nvd.nist.gov

438

samba

rpc

endpoint

file creation

vulnerability

cve-2019-3880

nvd

samba share

registry service api

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

60.7%

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html

access.redhat.com/errata/RHSA-2019:1966

access.redhat.com/errata/RHSA-2019:1967

access.redhat.com/errata/RHSA-2019:2099

access.redhat.com/errata/RHSA-2019:3582

access.redhat.com/security/cve/cve-2019-3880

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880

lists.debian.org/debian-lts-announce/2019/04/msg00013.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

security.netapp.com/advisory/ntap-20190411-0004/

support.f5.com/csp/article/K20804356

www.samba.org/samba/security/CVE-2019-3880.html

www.synology.com/security/advisory/Synology_SA_19_15

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

60.7%

Related for CVE-2019-3880

nessus32 openvas23 ubuntucve1 suse2 redhat4 ibm4 debian3 centos1 ubuntu2 oraclelinux2 samba1 redhatcve1 osv3 prion1 amazon2 alpinelinux1 veracode1 debiancve1 f51 freebsd1 altlinux1 cisa1 fedora7