cnvd - cnvd-2019-30718

cnvd-2019-30718

Vulnerability from cnvd

Title

Samba存在未明漏洞

Description

Samba是Samba团队的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 samba 4.9.13之前的4.9.x版本、4.10.8之前的4.10.x版本和4.11.0rc3之前的4.11.x版本中存在安全漏洞。攻击者可利用该漏洞访问共享目录之外的内容。

Severity

中

Patch Name

Samba存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.samba.org/samba/security/CVE-2019-10197.html

Reference

https://www.debian.org/security/2019/dsa-4513

Impacted products

Name
['Samba Samba 4.9.，<4.9.13', 'Samba Samba 4.10.，<4.10.8', 'Samba Samba 4.11.*，<4.11.0rc3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10197"
    }
  },
  "description": "Samba\u662fSamba\u56e2\u961f\u7684\u4e00\u5957\u53ef\u4f7fUNIX\u7cfb\u5217\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e0e\u5fae\u8f6fWindows\u64cd\u4f5c\u7cfb\u7edf\u7684SMB/CIFS\u7f51\u7edc\u534f\u8bae\u505a\u8fde\u7ed3\u7684\u81ea\u7531\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5171\u4eab\u6253\u5370\u673a\u3001\u4e92\u76f8\u4f20\u8f93\u8d44\u6599\u6587\u4ef6\u7b49\u3002\n\nsamba 4.9.13\u4e4b\u524d\u76844.9.x\u7248\u672c\u30014.10.8\u4e4b\u524d\u76844.10.x\u7248\u672c\u548c4.11.0rc3\u4e4b\u524d\u76844.11.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5171\u4eab\u76ee\u5f55\u4e4b\u5916\u7684\u5185\u5bb9\u3002",
  "discovererName": "Huzaifa S. Sidhpurwala",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.samba.org/samba/security/CVE-2019-10197.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-30718",
  "openTime": "2019-09-06",
  "patchDescription": "Samba\u662fSamba\u56e2\u961f\u7684\u4e00\u5957\u53ef\u4f7fUNIX\u7cfb\u5217\u7684\u64cd\u4f5c\u7cfb\u7edf\u4e0e\u5fae\u8f6fWindows\u64cd\u4f5c\u7cfb\u7edf\u7684SMB/CIFS\u7f51\u7edc\u534f\u8bae\u505a\u8fde\u7ed3\u7684\u81ea\u7531\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5171\u4eab\u6253\u5370\u673a\u3001\u4e92\u76f8\u4f20\u8f93\u8d44\u6599\u6587\u4ef6\u7b49\u3002\r\n\r\nsamba 4.9.13\u4e4b\u524d\u76844.9.x\u7248\u672c\u30014.10.8\u4e4b\u524d\u76844.10.x\u7248\u672c\u548c4.11.0rc3\u4e4b\u524d\u76844.11.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5171\u4eab\u76ee\u5f55\u4e4b\u5916\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samba\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samba Samba 4.9.*\uff0c\u003c4.9.13",
      "Samba Samba 4.10.*\uff0c\u003c4.10.8",
      "Samba Samba 4.11.*\uff0c\u003c4.11.0rc3"
    ]
  },
  "referenceLink": "https://www.debian.org/security/2019/dsa-4513",
  "serverity": "\u4e2d",
  "submitTime": "2019-09-05",
  "title": "Samba\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-10197 (GCVE-0-2019-10197)

Vulnerability from cvelistv5

Published

2019-09-03 14:50

Modified

2024-08-04 22:17

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-22

Summary

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197	x_refsource_CONFIRM
	https://www.samba.org/samba/security/CVE-2019-10197.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190903-0001/	x_refsource_CONFIRM
	https://usn.ubuntu.com/4121-1/	vendor-advisory, x_refsource_UBUNTU
	https://seclists.org/bugtraq/2019/Sep/4	mailing-list, x_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4513	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/	vendor-advisory, x_refsource_FEDORA
	https://support.f5.com/csp/article/K69511801	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3253	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:4023	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-52	vendor-advisory, x_refsource_GENTOO