ID

VAR-201904-0324


CVE

CVE-2019-3870


TITLE

Samba Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003309

DESCRIPTION

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.98

sources: NVD: CVE-2019-3870 // JVNDB: JVNDB-2019-003309 // BID: 107798 // VULHUB: VHN-155305

AFFECTED PRODUCTS

vendor:sambamodel:sambascope:ltversion:4.10.2

Trust: 1.8

vendor:sambamodel:sambascope:ltversion:4.9.6

Trust: 1.0

vendor:sambamodel:sambascope:gteversion:4.9.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:29

Trust: 1.0

vendor:synologymodel:router managerscope:eqversion:1.2

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:5.2

Trust: 1.0

vendor:synologymodel:directory serverscope:eqversion: -

Trust: 1.0

vendor:sambamodel:sambascope:gteversion:4.10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.2

Trust: 1.0

vendor:synologymodel:diskstation managerscope:eqversion:6.1

Trust: 1.0

vendor:synologymodel:vs960hdscope:ltversion:2.3.6-1720

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:sambamodel:sambascope:ltversion:4.9 thats all 4.9.6

Trust: 0.8

vendor:sambamodel:sambascope:eqversion:4.10.1

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.5

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.4

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.3

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.2

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9.1

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.9

Trust: 0.3

vendor:sambamodel:sambascope:eqversion:4.10

Trust: 0.3

vendor:sambamodel:sambascope:neversion:4.10.2

Trust: 0.3

vendor:sambamodel:sambascope:neversion:4.9.6

Trust: 0.3

sources: BID: 107798 // JVNDB: JVNDB-2019-003309 // NVD: CVE-2019-3870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3870
value: MEDIUM

Trust: 1.0

secalert@redhat.com: CVE-2019-3870
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3870
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-308
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155305
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3870
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155305
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert@redhat.com: CVE-2019-3870
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-3870
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-155305 // JVNDB: JVNDB-2019-003309 // CNNVD: CNNVD-201904-308 // NVD: CVE-2019-3870 // NVD: CVE-2019-3870

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-155305 // JVNDB: JVNDB-2019-003309 // NVD: CVE-2019-3870

THREAT TYPE

local

Trust: 0.9

sources: BID: 107798 // CNNVD: CNNVD-201904-308

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003309

PATCH

title:FEDORA-2019-db21b5f1d2url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

Trust: 0.8

title:FEDORA-2019-cacf88eabfurl:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

Trust: 0.8

title:World writable files in Samba AD DC private/ dirurl:https://www.samba.org/samba/security/CVE-2019-3870.html

Trust: 0.8

title:Bug 13834url:https://bugzilla.samba.org/show_bug.cgi?id=13834

Trust: 0.8

title:Samba Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91147

Trust: 0.6

sources: JVNDB: JVNDB-2019-003309 // CNNVD: CNNVD-201904-308

EXTERNAL IDS

db:NVDid:CVE-2019-3870

Trust: 2.8

db:BIDid:107798

Trust: 1.0

db:JVNDBid:JVNDB-2019-003309

Trust: 0.8

db:CNNVDid:CNNVD-201904-308

Trust: 0.7

db:NSFOCUSid:43559

Trust: 0.6

db:VULHUBid:VHN-155305

Trust: 0.1

sources: VULHUB: VHN-155305 // BID: 107798 // JVNDB: JVNDB-2019-003309 // CNNVD: CNNVD-201904-308 // NVD: CVE-2019-3870

REFERENCES

url:https://bugzilla.samba.org/show_bug.cgi?id=13834

Trust: 2.0

url:https://www.samba.org/samba/security/cve-2019-3870.html

Trust: 2.0

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3870

Trust: 1.7

url:https://support.f5.com/csp/article/k20804356

Trust: 1.7

url:https://www.synology.com/security/advisory/synology_sa_19_15

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3870

Trust: 1.4

url:http://www.securityfocus.com/bid/107798

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/

Trust: 1.0

url:https://bugzilla.redhat.com/show_bug.cgi?id=1689010

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-3870

Trust: 0.9

url:http://www.samba.org

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3870

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/

Trust: 0.7

url:https://vigilance.fr/vulnerability/samba-privilege-escalation-via-ad-dc-world-writable-private-directory-28962

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43559

Trust: 0.6

sources: VULHUB: VHN-155305 // BID: 107798 // JVNDB: JVNDB-2019-003309 // CNNVD: CNNVD-201904-308 // NVD: CVE-2019-3870

CREDITS

Bj??rn Baumbach

Trust: 0.6

sources: CNNVD: CNNVD-201904-308

SOURCES

db:VULHUBid:VHN-155305
db:BIDid:107798
db:JVNDBid:JVNDB-2019-003309
db:CNNVDid:CNNVD-201904-308
db:NVDid:CVE-2019-3870

LAST UPDATE DATE

2024-08-14T15:38:55.143000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-155305date:2020-10-16T00:00:00
db:BIDid:107798date:2019-04-08T00:00:00
db:JVNDBid:JVNDB-2019-003309date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201904-308date:2020-10-19T00:00:00
db:NVDid:CVE-2019-3870date:2023-11-07T03:10:15.880

SOURCES RELEASE DATE

db:VULHUBid:VHN-155305date:2019-04-09T00:00:00
db:BIDid:107798date:2019-04-08T00:00:00
db:JVNDBid:JVNDB-2019-003309date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201904-308date:2019-04-08T00:00:00
db:NVDid:CVE-2019-3870date:2019-04-09T16:29:01.867