CVE-2019-3880

Impact:
Moderate
Public Date:
2019-04-09
CWE:
CWE-22
Bugzilla:
1691518: CVE-2019-3880 samba: save registry file outside share as unprivileged user
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.

Find out more about CVE-2019-3880 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the version of samba shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 4.2
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact Low
Availability Impact Low

Affected Packages State

Platform Package State
Red Hat Virtualization 4 redhat-virtualization-host Not affected
Red Hat Gluster Storage 3 samba Affected
Red Hat Enterprise Linux 8 samba Affected
Red Hat Enterprise Linux 7 samba Affected
Red Hat Enterprise Linux 6 samba4 Will not fix
Red Hat Enterprise Linux 6 samba Will not fix
Red Hat Enterprise Linux 5 samba Will not fix

Acknowledgements

Red Hat would like to thank Michael Hanselmann for reporting this issue.

Mitigation

Either turn off SMB1 by setting the global parameter:
'min protocol = SMB2'
or if SMB1 is required turn off unix extensions by setting the global parameter:
'unix extensions = no'
in the smb.conf file.

External References

Last Modified