fkie_cve-2019-10197
Vulnerability from fkie_nvd
Published
2019-09-03 15:15
Modified
2024-11-21 04:18
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samba | samba | * | |
| samba | samba | * | |
| samba | samba | 4.9.0 | |
| samba | samba | 4.9.0 | |
| samba | samba | 4.9.0 | |
| samba | samba | 4.9.0 | |
| samba | samba | 4.9.0 | |
| samba | samba | 4.10.0 | |
| samba | samba | 4.10.0 | |
| samba | samba | 4.10.0 | |
| samba | samba | 4.10.0 | |
| samba | samba | 4.11.0 | |
| samba | samba | 4.11.0 | |
| samba | samba | 4.11.0 | |
| samba | samba | 4.11.0 | |
| canonical | ubuntu_linux | 19.04 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C21A32-9985-426A-A16F-30B0F58BA953",
"versionEndIncluding": "4.9.13",
"versionStartIncluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCB3F24-4220-42C4-9896-03AE9C5D6175",
"versionEndIncluding": "4.10.8",
"versionStartIncluding": "4.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8A746181-E573-4080-A96B-B5C47A00DD96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "280C0C80-3E4E-4E2A-BEB3-2E17D1B1E675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A0D28AE7-4CCD-41DB-9863-FF2990D316F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F37B907F-6E7A-4FA4-828C-327AA838AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "C8665763-B246-40DB-92A3-57CFCD4E70F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "31966B4C-81C4-4C65-B127-A918EA50863E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BB58CF2F-D1E1-4459-AEC8-A8C3F53D9028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "846B3FA6-9799-412D-B36E-DE56F889CC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "854212A7-CFCE-4C1D-9C9B-8C98C69604B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36AAA8FC-627F-4928-853C-1B785D1E33C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D75D1E2C-C220-41E1-903E-5908D8F53373",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ACC5280F-160C-4835-A9FB-3D5F625BB073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "05A7E021-6CAA-4581-A274-996E0A69967C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."
},
{
"lang": "es",
"value": "Se ha encontrado un error en Samba en las versiones 4.9.x hasta 4.9.13, samba versiones 4.10.x hasta 4.10.8 y samba versiones 4.11.x hasta 4.11.0rc3, cuando ciertos par\u00e1metros se establecieron en el archivo de configuraci\u00f3n de samba. Un atacante no autenticado podr\u00eda usar este defecto para escapar del directorio compartido y acceder al contenido de los directorios fuera del recurso compartido."
}
],
"id": "CVE-2019-10197",
"lastModified": "2024-11-21T04:18:38.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-03T15:15:11.223",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2019:3253"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2019:4023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/4"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0001/"
},
{
"source": "secalert@redhat.com",
"url": "https://support.f5.com/csp/article/K69511801"
},
{
"source": "secalert@redhat.com",
"url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4121-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4513"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.samba.org/samba/security/CVE-2019-10197.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:4023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190903-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K69511801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4121-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.samba.org/samba/security/CVE-2019-10197.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…