Sign-up

ID

VAR-201904-0324


CVE

CVE-2019-3870


TITLE

Samba Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003309

DESCRIPTION

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.98

sources: NVD: CVE-2019-3870 // JVNDB: JVNDB-2019-003309 // BID: 107798 // VULHUB: VHN-155305

AFFECTED PRODUCTS

vendor:sambamodel:sambascope:ltversion:4.10.2

Trust: 1.8

vendor:sambamodel:sambascope:ltversion:4.9.6

Trust: 1.0

vendor:sambamodel:sambascope:gteversion:4.9.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:synologymodel:router managerscope:eqversion:1.2

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:5.2

Trust: 1.0

vendor:synologymodel:directory serverscope:eqversion: -

Trust: 1.0

vendor:sambamodel:sambascope:gteversion:4.10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.1

Trust: 1.0

vendor:synologymodel:vs960hdscope:ltversion:2.3.6-1720

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:sambamodel:sambascope:ltversion:4.9 thats all 4.9.6

Trust: 0.8

vendor:sambamodel:sambascope:eqversion:4.10.1

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.5

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.4

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.3

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.2

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.1

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.10

Trust: 0.3

vendor:sambamodel:sambascope:neversion:4.10.2

Trust: 0.3

vendor:sambamodel:sambascope:neversion:4.9.6

Trust: 0.3

sources: BID: 107798 // JVNDB: JVNDB-2019-003309 // NVD: CVE-2019-3870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3870
value: MEDIUM

Trust: 1.0

secalert@redhat.com: CVE-2019-3870
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3870
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-308
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155305
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3870
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155305
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert@redhat.com: CVE-2019-3870
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3870
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155305 // JVNDB: JVNDB-2019-003309 // CNNVD: CNNVD-201904-308 // NVD: CVE-2019-3870 // NVD: CVE-2019-3870

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-155305 // JVNDB: JVNDB-2019-003309 // NVD: CVE-2019-3870

THREAT TYPE

local

Trust: 0.9

sources: BID: 107798 // CNNVD: CNNVD-201904-308

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003309

PATCH
title:FEDORA-2019-db21b5f1d2url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
Trust: 0.8
title:FEDORA-2019-cacf88eabfurl:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
Trust: 0.8
title:World writable files in Samba AD DC private/ dirurl:https://www.samba.org/samba/security/CVE-2019-3870.html
Trust: 0.8
title:Bug 13834url:https://bugzilla.samba.org/show_bug.cgi?id=13834
Trust: 0.8
title:Samba Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91147
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003309 // 
            
            
            
            CNNVD: CNNVD-201904-308

EXTERNAL IDS
db:NVDid:CVE-2019-3870
Trust: 2.8
db:BIDid:107798
Trust: 1.0
db:JVNDBid:JVNDB-2019-003309
Trust: 0.8
db:CNNVDid:CNNVD-201904-308
Trust: 0.7
db:NSFOCUSid:43559
Trust: 0.6
db:VULHUBid:VHN-155305
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155305 // 
            
            
            
            BID: 107798 // 
            
            
            
            JVNDB: JVNDB-2019-003309 // 
            
            
            
            CNNVD: CNNVD-201904-308 // 
            
            
            
            NVD: CVE-2019-3870

REFERENCES
url:https://bugzilla.samba.org/show_bug.cgi?id=13834
Trust: 2.0
url:https://www.samba.org/samba/security/cve-2019-3870.html
Trust: 2.0
url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3870
Trust: 1.7
url:https://support.f5.com/csp/article/k20804356
Trust: 1.7
url:https://www.synology.com/security/advisory/synology_sa_19_15
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3870
Trust: 1.4
url:http://www.securityfocus.com/bid/107798
Trust: 1.2
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/
Trust: 1.0
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/
Trust: 1.0
url:https://bugzilla.redhat.com/show_bug.cgi?id=1689010
Trust: 0.9
url:https://access.redhat.com/security/cve/cve-2019-3870
Trust: 0.9
url:http://www.samba.org
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3870
Trust: 0.8
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/
Trust: 0.7
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/
Trust: 0.7
url:https://vigilance.fr/vulnerability/samba-privilege-escalation-via-ad-dc-world-writable-private-directory-28962
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43559
Trust: 0.6
sources:
            
            
            VULHUB: VHN-155305 // 
            
            
            
            BID: 107798 // 
            
            
            
            JVNDB: JVNDB-2019-003309 // 
            
            
            
            CNNVD: CNNVD-201904-308 // 
            
            
            
            NVD: CVE-2019-3870

CREDITS
Bj??rn Baumbach
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-308

SOURCES
db:VULHUBid:VHN-155305
db:BIDid:107798
db:JVNDBid:JVNDB-2019-003309
db:CNNVDid:CNNVD-201904-308
db:NVDid:CVE-2019-3870

LAST UPDATE DATE
2024-08-14T15:38:55.143000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155305date:2020-10-16T00:00:00
db:BIDid:107798date:2019-04-08T00:00:00
db:JVNDBid:JVNDB-2019-003309date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201904-308date:2020-10-19T00:00:00
db:NVDid:CVE-2019-3870date:2023-11-07T03:10:15.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-155305date:2019-04-09T00:00:00
db:BIDid:107798date:2019-04-08T00:00:00
db:JVNDBid:JVNDB-2019-003309date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201904-308date:2019-04-08T00:00:00
db:NVDid:CVE-2019-3870date:2019-04-09T16:29:01.867