Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21794

HistoryOct 31, 2019 - 12:18 a.m.

Sandbox Restrictions Bypass

2019-10-3100:18:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

samba is vulnerable to sandbox restrictions bypass. A combination of parameters and permissions set in the samba configuration file can allow the user to escape from the share path definition.

CPENameOperatorVersion
sambaeq3.6.23__35.el6_8
sambaeq4.6.3__4.el7rhgs
sambaeq4.8.5__104.el6rhs
sambaeq4.1.12__24.ael7b_1
sambaeq4.7.5__110.el6rhs
sambaeq3.6.9__167.10.el6rhs
sambaeq4.2.4__15.el6rhs
sambaeq3.5.10__115.el6_2
sambaeq4.9.8__105.el7rhgs
sambaeq4.4.6__5.el7rhgs

Rows per page:

1-10 of 2021

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html

access.redhat.com/errata/RHSA-2019:3253

access.redhat.com/errata/RHSA-2019:4023

access.redhat.com/security/cve/CVE-2019-10197

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1667895

bugzilla.redhat.com/show_bug.cgi?id=1715503

bugzilla.redhat.com/show_bug.cgi?id=1724243

bugzilla.redhat.com/show_bug.cgi?id=1724261

bugzilla.redhat.com/show_bug.cgi?id=1743595

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197

lists.fedoraproject.org/archives/list/[email protected]/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/

lists.fedoraproject.org/archives/list/[email protected]/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/

lists.fedoraproject.org/archives/list/[email protected]/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/

seclists.org/bugtraq/2019/Sep/4

security.gentoo.org/glsa/202003-52

security.netapp.com/advisory/ntap-20190903-0001/

support.f5.com/csp/article/K69511801

support.f5.com/csp/article/K69511801?utm_source=f5support&utm_medium=RSS

usn.ubuntu.com/4121-1/

www.debian.org/security/2019/dsa-4513

www.samba.org/samba/security/CVE-2019-10197.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

Related for VERACODE:21794

redhatcve1 suse1 fedora10 openvas18 nessus24 osv2 ubuntu1 ibm2 symantec1 f51 altlinux3 ubuntucve1 debian2 debiancve1 prion1 freebsd1 samba1 cve1 redhat4 cisa1 alpinelinux1 oraclelinux2 centos1 amazon2 mageia1 gentoo1