var-201904-0324
Vulnerability from variot
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0324", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "samba", "scope": "lt", "trust": 1.8, "vendor": "samba", "version": "4.10.2" }, { "model": "samba", "scope": "gte", "trust": 1.0, "vendor": "samba", "version": "4.10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.1" }, { "model": "samba", "scope": "lt", "trust": 1.0, "vendor": "samba", "version": "4.9.6" }, { "model": "samba", "scope": "gte", "trust": 1.0, "vendor": "samba", "version": "4.9.0" }, { "model": "directory server", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "vs960hd", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "2.3.6-1720" }, { "model": "router manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "1.2" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "5.2" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "samba", "scope": "lt", "trust": 0.8, "vendor": "samba", "version": "4.9 thats all 4.9.6" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.10.1" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9.5" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9.4" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9.3" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9.2" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9.1" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.9" }, { "model": "samba", "scope": "eq", "trust": 0.3, "vendor": "samba", "version": "4.10" }, { "model": "samba", "scope": "ne", "trust": 0.3, "vendor": "samba", "version": "4.10.2" }, { "model": "samba", "scope": "ne", "trust": 0.3, "vendor": "samba", "version": "4.9.6" } ], "sources": [ { "db": "BID", "id": "107798" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:fedoraproject:fedora", "vulnerable": true }, { "cpe22Uri": "cpe:/a:samba:samba", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003309" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bj??rn Baumbach", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-308" } ], "trust": 0.6 }, "cve": "CVE-2019-3870", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-3870", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "VHN-155305", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "secalert@redhat.com", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "id": "CVE-2019-3870", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "id": "CVE-2019-3870", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3870", "trust": 1.0, "value": "MEDIUM" }, { "author": "secalert@redhat.com", "id": "CVE-2019-3870", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-3870", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201904-308", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-155305", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-155305" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "CNNVD", "id": "CNNVD-201904-308" }, { "db": "NVD", "id": "CVE-2019-3870" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. \nA local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges", "sources": [ { "db": "NVD", "id": "CVE-2019-3870" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "BID", "id": "107798" }, { "db": "VULHUB", "id": "VHN-155305" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3870", "trust": 2.8 }, { "db": "BID", "id": "107798", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2019-003309", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201904-308", "trust": 0.7 }, { "db": "NSFOCUS", "id": "43559", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-155305", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155305" }, { "db": "BID", "id": "107798" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "CNNVD", "id": "CNNVD-201904-308" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "id": "VAR-201904-0324", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-155305" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:08:25.741000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2019-db21b5f1d2", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/" }, { "title": "FEDORA-2019-cacf88eabf", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/" }, { "title": "World writable files in Samba AD DC private/ dir", "trust": 0.8, "url": "https://www.samba.org/samba/security/CVE-2019-3870.html" }, { "title": "Bug 13834", "trust": 0.8, "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834" }, { "title": "Samba Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91147" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "CNNVD", "id": "CNNVD-201904-308" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-276", "trust": 1.1 }, { "problemtype": "CWE-275", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155305" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834" }, { "trust": 2.0, "url": "https://www.samba.org/samba/security/cve-2019-3870.html" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3870" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k20804356" }, { "trust": 1.7, "url": "https://www.synology.com/security/advisory/synology_sa_19_15" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3870" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/107798" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689010" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-3870" }, { "trust": 0.9, "url": "http://www.samba.org" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3870" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/samba-privilege-escalation-via-ad-dc-world-writable-private-directory-28962" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43559" } ], "sources": [ { "db": "VULHUB", "id": "VHN-155305" }, { "db": "BID", "id": "107798" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "CNNVD", "id": "CNNVD-201904-308" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-155305" }, { "db": "BID", "id": "107798" }, { "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "db": "CNNVD", "id": "CNNVD-201904-308" }, { "db": "NVD", "id": "CVE-2019-3870" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-09T00:00:00", "db": "VULHUB", "id": "VHN-155305" }, { "date": "2019-04-08T00:00:00", "db": "BID", "id": "107798" }, { "date": "2019-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "date": "2019-04-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-308" }, { "date": "2019-04-09T16:29:01.867000", "db": "NVD", "id": "CVE-2019-3870" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-155305" }, { "date": "2019-04-08T00:00:00", "db": "BID", "id": "107798" }, { "date": "2019-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003309" }, { "date": "2020-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-308" }, { "date": "2024-11-21T04:42:45.720000", "db": "NVD", "id": "CVE-2019-3870" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "107798" }, { "db": "CNNVD", "id": "CNNVD-201904-308" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Samba Permissions vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003309" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-308" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.