CVE-2019-10197

Name
CVE-2019-10197
Description
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
NVD Severity
high

References

| Type | URI |
|---|---|
| Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197 |
| Vendor Advisory | https://www.samba.org/samba/security/CVE-2019-10197.html |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20190903-0001/ |
| Third Party Advisory | https://usn.ubuntu.com/4121-1/ |
| Third Party Advisory | https://www.debian.org/security/2019/dsa-4513 |
| Mailing List | https://seclists.org/bugtraq/2019/Sep/4 |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/ |
| CONFIRM | https://support.f5.com/csp/article/K69511801 |
| CONFIRM | https://support.f5.com/csp/article/K69511801?utm_source=f5support&utm_medium=RSS |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:3253 |
| REDHAT | https://access.redhat.com/errata/RHSA-2019:4023 |
| GENTOO | https://security.gentoo.org/glsa/202003-52 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| `cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:*` | samba | == None | == 4.11.0 |
| `cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*` | samba | == None | == 4.10.0 |
| `cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:*` | samba | == None | == 4.9.0 |
| `cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*` | samba | >= 4.10.0 | <= 4.10.8 |
| `cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*` | samba | >= 4.9.0 | <= 4.9.13 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status