Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Samba 4.8.0 < 4.8.10 / 4.9.x < 4.9.6 / 4.10.0 < 4.10.2 Path/Symlink Traversal Vulnerability (CVE-2019-3890)

🗓️ 16 Apr 2019 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 229 Views

The Samba 4.8.0 < 4.8.10 / 4.9.x < 4.9.6 / 4.10.0 < 4.10.2 Path/Symlink Traversal Vulnerability (CVE-2019-3890) allows authenticated, unprivileged attackers to create new files and registry hive files

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerability in Open Source Samba affects IBM Netezza Host Management
18 Oct 201903:36
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability CVE-2019-3880 in Samba affects IBM i
15 Aug 202216:25
ibm
IBM Security Bulletins		Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-3880)
3 Jun 201910:45
ibm
IBM Security Bulletins		Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2019-3880)
2 May 201910:15
ibm
ALT Linux		Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
11 Apr 201900:00
altlinux
FreeBSD		samba -- multiple vulnerabilities
14 May 201900:00
freebsd
Tenable Nessus		Amazon Linux 2 : samba (ALAS-2019-1351)
7 Nov 201900:00
nessus
Tenable Nessus		Amazon Linux 2 : evolution-data-server, evolution-ews (ALAS-2020-1475)
26 Aug 202000:00
nessus
Tenable Nessus		Amazon Linux AMI : samba (ALAS-2019-1329)
20 Dec 201900:00
nessus
Tenable Nessus		Alibaba Cloud Linux 3 : 0077: samba (ALINUX3-SA-2021:0077)
14 May 202500:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124088);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/30 13:24:46");

  script_cve_id("CVE-2019-3880");
  script_bugtraq_id(107799);

  script_name(english:"Samba 4.8.0 < 4.8.10 / 4.9.x < 4.9.6 / 4.10.0 < 4.10.2 Path/Symlink Traversal Vulnerability (CVE-2019-3890)");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is potentially affected by a path/symlink traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.8.x < 4.8.11 or 
4.9.x < 4.9.6 or 4.10.0 prior to 4.10.2. It is, therefore, 
potentially affected by a path/symlink traversal vulnerability. An
authenticated, unpriviledged attacker can exploit this issue 
anywhere they have unix permissions to create a new file within the 
Samba share.  If they are able to create symlinks on a Samba share,
they can create a new registry hive file anywhere they have write
access, even outside of a Samba share definition.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2019-3880.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.8.11 / 4.9.6 / 4.10.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3880");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("vcf.inc");
include("vcf_extras.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);

# Note: versions < 4.7 are EOL
constraints = [
  {"min_version":"4.8.0rc0", "fixed_version":"4.8.11"},
  {"min_version":"4.9.0rc0", "fixed_version":"4.9.6"},
  {"min_version":"4.10.0rc0", "fixed_version":"4.10.2"}
];

vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Oct 2019 13:24Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.15.4
CVSS 25.8
CVSS 38.1
EPSS0.03388
samba 4.8.xsamba 4.9.xsamba 4.10.2path/symlink traversal vulnerabilitycve-2019-3890unprivileged attackerfile creationregistry hive files
229