CVE-2019-10197

Impact:
Moderate
Public Date:
2019-09-03
CWE:
CWE-22
Bugzilla:
1746225: CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition
A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share.

Find out more about CVE-2019-10197 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Only samba configurations where 'wide links' option is explicitly set to 'yes' is affected by this flaw. Therefore default configurations of samba package shipped with Red Hat Products are not affected.

This vulnerability exists in the samba server, client side packages are not affected.

Red Hat Enterprise Linux 7:
This vulnerability is currently targeted to be addressed in an upcoming release.

Red Hat Enterprise Linux 8:
This vulnerability is currently targeted to be addressed in an upcoming release.

Red Hat Gluster Storage 3:
This vulnerability is currently targeted to be addressed in an upcoming release.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Virtualization 4 redhat-virtualization-host Not affected
Red Hat Gluster Storage 3 samba Affected
Red Hat Enterprise Linux 8 samba Affected
Red Hat Enterprise Linux 7 samba Affected
Red Hat Enterprise Linux 6 samba4 Not affected
Red Hat Enterprise Linux 6 samba Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue.

Mitigation

The following methods can be used as a mitigation (only one is needed):
1. Use the 'sharesec' tool to configure a security descriptor for the share that's at least as strict as the permissions on the share root directory.
2. Use the 'valid users' option to allow only users/groups which are able to enter the share root directory.
3. Remove 'wide links = yes' if it's not really needed.
4. In some situations it might be an option to use 'chmod a+x' on the share root directory, but you need to make sure that files and subdirectories are protected by stricter permissions. You may also want to 'chmod a-w' in order to prevent new top level files and directories, which may have less restrictive permissions.

External References

Last Modified