CVE-2019-10197 — Path Traversal in Samba

CWE-22 — Path Traversal8 documents7 sources

Severity

9.1CRITICALNVD

EPSS

4.8%

top 10.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/samba< samba 2:4.9.13+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.9.13+dfsg-1+3

▶NVDsamba/samba4.9.0 — 4.9.13+4

▶CVEListV5samba/sambasamba 4.10.x up to 4.10.8, samba 4.11.x up to 4.11.0rc3, samba 4.9.x up to 4.9.13+2

Also affects: Debian Linux 10.0, Ubuntu Linux 19.04

🔴Vulnerability Details

GHSA

GHSA-v6g6-jxr8-2r44: A flaw was found in samba versions 4↗2022-05-24

▶

OSV

CVE-2019-10197: A flaw was found in samba versions 4↗2019-09-03

▶

📋Vendor Advisories

Ubuntu

Samba vulnerability↗2019-09-03

▶

Red Hat

samba: Combination of parameters and permissions can allow user to escape from the share path definition↗2019-09-03

▶

Debian

CVE-2019-10197: samba - A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8...↗2019

▶

💬Community

Bugzilla

CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition. [fedora-all]↗2019-09-03

▶

Bugzilla

CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition↗2019-08-28

▶