VID 23295
Severity 30
Port 139
Protocol TCP
Class Samba
Detailed Description The version of Samba running on the remote host is 4.9.x < 4.9.6. It is, therefore, potentially affected by a path/symlink traversal vulnerability. An authenticated, unprivileged attacker can exploit this issue anywhere they have Unix permissions to create a new file within the Samba share. If they are able to create symlinks on a Samba share, they can create a new registry hive file anywhere they have write access, even outside of a Samba share definition.

* References:
https://www.samba.org/samba/security/CVE-2019-3880.html

* Platforms Affected:
Samba Project, Samba versions 4.9.x before 4.9.6
Linux Any version
Unix Any version
Recommendation Upgrade to Samba 4.9.6 or later, available from the Samba Web site at https://www.samba.org/samba/download/
Related URL CVE-2019-3870,CVE-2019-3880 (CVE)
Related URL 107799 (SecurityFocus)
Related URL (ISS)