Public Date:
1691518: CVE-2019-3880 samba: save registry file outside share as unprivileged user
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.

Find out more about CVE-2019-3880 from the MITRE CVE dictionary dictionary and NIST NVD.


This issue affects the version of samba shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.

CVSS v3 metrics

CVSS3 Base Score 4.2
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (samba) RHSA-2019:2099 2019-08-06
Red Hat Gluster Storage 3.4 for RHEL 7 (samba) RHSA-2019:1966 2019-07-30
Red Hat Gluster Storage 3.4 for RHEL 6 (samba) RHSA-2019:1967 2019-07-30

Affected Packages State

Platform Package State
Red Hat Virtualization 4 redhat-virtualization-host Not affected
Red Hat Enterprise Linux 8 samba Affected
Red Hat Enterprise Linux 6 samba Will not fix
Red Hat Enterprise Linux 6 samba4 Will not fix
Red Hat Enterprise Linux 5 samba Will not fix
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.


Red Hat would like to thank Michael Hanselmann for reporting this issue.


Either turn off SMB1 by setting the global parameter:
'min protocol = SMB2'
or if SMB1 is required turn off unix extensions by setting the global parameter:
'unix extensions = no'
in the smb.conf file.

External References

Last Modified