CVE-2019-10197

Name
CVE-2019-10197
Description
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197
Vendor Advisory https://www.samba.org/samba/security/CVE-2019-10197.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20190903-0001/
Third Party Advisory https://usn.ubuntu.com/4121-1/
Third Party Advisory https://www.debian.org/security/2019/dsa-4513
Mailing List https://seclists.org/bugtraq/2019/Sep/4
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/
CONFIRM https://support.f5.com/csp/article/K69511801
CONFIRM https://support.f5.com/csp/article/K69511801?utm_source=f5support&utm_medium=RSS
REDHAT https://access.redhat.com/errata/RHSA-2019:3253
REDHAT https://access.redhat.com/errata/RHSA-2019:4023
GENTOO https://security.gentoo.org/glsa/202003-52

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:* samba == None == 4.11.0
cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:* samba == None == 4.10.0
cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:* samba == None == 4.9.0
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.10.0 <= 4.10.8
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.9.0 <= 4.9.13

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
samba edge-main 4.10.8-r0 None fixed
samba 3.22-main 4.10.8-r0 None fixed
samba 3.21-main 4.10.8-r0 None fixed
samba 3.20-main 4.10.8-r0 None fixed
samba 3.19-main 4.10.8-r0 None fixed
samba 3.18-main 4.10.8-r0 None fixed
samba 3.17-main 4.10.8-r0 None fixed
samba 3.12-main 4.10.8-r0 None fixed
samba 3.11-main 4.10.8-r0 None fixed
samba 3.10-main 4.10.8-r0 None fixed