Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2019-10218
HistoryOct 29, 2019 - 12:00 a.m.

Client code can return filenames containing

2019-10-2900:00:00
Samba Security
www.samba.org
11

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Description

Samba client code (libsmbclient) returns server-supplied filenames to
calling code without checking for pathname separators (such as “/” or
“…/”) in the server returned names.

A malicious server can craft a pathname containing separators and
return this to client code, causing the client to use this access local
pathnames for reading or writing instead of SMB network pathnames.

This access is done using the local privileges of the client.

This attack can be achieved using any of SMB1/2/3 as it is not reliant
on any specific SMB protocol version.

Specifically, samba client tools like smbget and smbclient’s mget use
the server supplied ‘final’ name component as a local name when
obtaining multiple files. While the design of these tools is that
server can always choose the file names, this vulnerability is that it
allows a remote server to create local files outside the current
working directory.

Users of the libsmbclient library external to Samba may also be
vulnerable if they use server returned filenames without adequate
checking and pass them to functions that do local filesystem access.

Note that the Gnome GVFS client library is not believed to be
vulnerable, as it always passes server-returned pathnames back to the
SMB share they were returned from. Such malformed pathnames are then
rejected by the server.

Patch Availability

Patches addressing both these issues have been posted to:

http://www.samba.org/samba/security/

Additionally, Samba 4.11.2, 4.10.10 and 4.9.15 have been issued as
security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon as
possible.

CVSSv3 calculation

CVSSv3: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N (5.3)

Workaround

None.

Credits

Originally reported by Michael Hanselmann.

Patches provided by Jeremy Allison of the Samba Team and Google.

Advisory by Jeremy Allison of the Samba Team and Google and Andrew
Bartlett of the Samba Team and Catalyst.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team

Related

redhatcve 1
osv 3
ibm 5
openvas 28
cve 1
prion 1
alpinelinux 1
nessus 32
ubuntucve 1
debiancve 1
symantec 1
veracode 1
oraclelinux 2
redhat 3
ubuntu 2
centos 1
fedora 7
amazon 2
cisa 1
freebsd 1
altlinux 3
suse 2
archlinux 1
mageia 1
debian 2
redhatcve
redhatcve
CVE-2019-10218
2020-04-03 14:01:57
osv
osv
CVE-2019-10218
2019-11-06 10:15:10
samba - security update
2023-09-12 00:00:00
samba - security update
2021-05-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerability CVE-2019-10218 in Samba affects IBM i
2019-11-26 23:31:15
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2019-10218)
2020-05-20 12:58:04
Security Bulletin: IBM WebSphere Message Broker Hypervisor Edition V8.0 require customer action for security vulnerabilities in Red Hat Linux
2019-12-23 02:52:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2893-1)
2021-04-19 00:00:00
Samba Security Vulnerability (CVE-2019-10218)
2021-11-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2890-1)
2021-04-19 00:00:00
cve
cve
CVE-2019-10218
2019-11-06 10:15:00
prion
prion
Design/Logic Flaw
2019-11-06 10:15:00
alpinelinux
alpinelinux
CVE-2019-10218
2019-11-06 10:15:00
nessus
nessus
SUSE SLES11 Security Update : samba (SUSE-SU-2019:14202-1)
2021-06-10 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2019:2893-1)
2019-11-06 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2019:2875-1)
2019-11-01 00:00:00
ubuntucve
ubuntucve
CVE-2019-10218
2019-10-29 00:00:00
debiancve
debiancve
CVE-2019-10218
2019-11-06 10:15:00
symantec
symantec
Samba CVE-2019-10218 Path Traversal Arbitrary File Write Vulnerability
2019-10-29 00:00:00
veracode
veracode
Privilege Escalation
2020-08-06 21:28:32
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2020-04-06 00:00:00
samba security, bug fix, and enhancement update
2020-05-05 00:00:00
redhat
redhat
(RHSA-2020:1084) Moderate: samba security, bug fix, and enhancement update
2020-03-31 09:16:36
(RHSA-2020:0943) Moderate: samba security and bug fix update
2020-03-23 13:41:48
(RHSA-2020:1878) Moderate: samba security, bug fix, and enhancement update
2020-04-28 09:26:30
ubuntu
ubuntu
Samba vulnerabilities
2019-10-29 00:00:00
Samba vulnerabilities
2019-10-29 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2020-04-08 19:18:01
fedora
fedora
[SECURITY] Fedora 31 Update: samba-4.11.2-1.fc31
2019-11-14 01:13:15
[SECURITY] Fedora 31 Update: samba-4.11.3-0.fc31
2019-12-12 01:55:33
[SECURITY] Fedora 30 Update: samba-4.10.10-0.fc30
2019-11-16 01:04:31
amazon
amazon
Medium: samba
2020-07-14 02:45:00
Medium: samba
2020-08-26 23:09:00
cisa
cisa
Samba Releases Security Updates
2019-10-29 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2019-09-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package samba-DC version 4.9.15-alt1
2019-11-05 00:00:00
Security fix for the ALT Linux 10 package samba version 4.10.10-alt1
2019-10-29 00:00:00
Security fix for the ALT Linux 8 package samba version 4.9.15-alt1
2019-11-05 00:00:00
suse
suse
Security update for samba (important)
2019-11-09 00:00:00
Security update for samba (important)
2019-11-05 00:00:00
archlinux
archlinux
[ASA-201911-6] samba: multiple issues
2019-11-03 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2019-12-19 16:44:26
debian
debian
[SECURITY] [DLA 3563-1] samba security update
2023-09-14 14:43:24
[SECURITY] [DLA 2668-1] samba security update
2021-05-29 11:11:27

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON
Related for SAMBA:CVE-2019-10218
redhatcve1osv3ibm5openvas28cve1prion1alpinelinux1nessus32ubuntucve1debiancve1symantec1veracode1oraclelinux2redhat3ubuntu2centos1fedora7amazon2cisa1freebsd1altlinux3suse2archlinux1mageia1debian2