CVE-2019-3880

Name
CVE-2019-3880
Description
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mitigation https://www.samba.org/samba/security/CVE-2019-3880.html
Mitigation https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
Mitigation https://access.redhat.com/security/cve/cve-2019-3880
Third Party Advisory https://security.netapp.com/advisory/ntap-20190411-0004/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/
CONFIRM https://www.synology.com/security/advisory/Synology_SA_19_15
CONFIRM https://support.f5.com/csp/article/K20804356
REDHAT https://access.redhat.com/errata/RHSA-2019:1966
REDHAT https://access.redhat.com/errata/RHSA-2019:1967
REDHAT https://access.redhat.com/errata/RHSA-2019:2099
REDHAT https://access.redhat.com/errata/RHSA-2019:3582

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= None < 4.8.11
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.10.0 < 4.10.2
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* samba >= 4.9.0 < 4.9.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status