Skip to main content

Samba CVE-2019-3870

MEDIUM
Incorrect Default Permissions (CWE-276)
2019-04-09 secalert@redhat.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 09, 2019 - 16:29 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

AnalysisAI

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Affected products include: Samba, Fedoraproject Fedora, Synology Directory Server, Synology Router Manager, Synology Diskstation Manager. Version information: before 4.9.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

More in Samba

View all
CVE-2012-1182 CRITICAL POC
10.0 Apr 10

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement valida

CVE-2015-0240 CRITICAL POC
10.0 Feb 24

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1

CVE-2016-2118 HIGH POC
7.5 Apr 12

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x befor

CVE-2013-4124 MEDIUM POC
5.0 Aug 06

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.

CVE-2014-3560 HIGH
7.9 Aug 06

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to exec

CVE-2012-0870 HIGH
7.9 Feb 23

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry Play

CVE-2015-7540 HIGH
7.5 Dec 29

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful

CVE-2017-15275 HIGH
7.5 Nov 27

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to c

CVE-2017-14746 CRITICAL
9.8 Nov 27

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted S

CVE-2015-5252 HIGH POC
7.2 Dec 29

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with cert

CVE-2023-3961 CRITICAL POC
9.8 Nov 03

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain socke

CVE-2022-42898 HIGH POC
8.8 Dec 25

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to r

Share

CVE-2019-3870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy