CVE-2019-3870
published 2019-04-09CVE-2019-3870: A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are…
PriorityP427medium6.1CVSS 3.1
AVLACLPRLUINSUCNILAH
EPSS
0.55%
41.9th percentile
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2:4.9.5+dfsg-3 (bookworm) | samba 2:4.9.5+dfsg-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | azl3_samba_4.18.3-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| samba | samba | >= 0 < 2:4.9.5+dfsg-3 | 2:4.9.5+dfsg-3 |
| samba | samba | >= 0 < 2:4.9.5+dfsg-3 | 2:4.9.5+dfsg-3 |
| samba | samba | >= 0 < 2:4.9.5+dfsg-3 | 2:4.9.5+dfsg-3 |
| samba | samba | >= 0 < 2:4.9.5+dfsg-3 | 2:4.9.5+dfsg-3 |
| samba | samba | >= 4.10.0 < 4.10.2 | 4.10.2 |
| samba | samba | >= 4.9.0 < 4.9.6 | 4.9.6 |
| synology | diskstation_manager | — | — |
| synology | diskstation_manager | — | — |
| synology | diskstation_manager | — | — |
| synology | router_manager | — | — |
| synology | vs960hd_firmware | < 2.3.6-1720 | 2.3.6-1720 |
| the_samba_project | samba | — | — |
| the_samba_project | samba | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvdv3.06.1MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
nvdv2.03.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv6.1MEDIUM
vendor_debian6.1MEDIUM
vendor_msrc6.1MEDIUM
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install
vendor_msrc·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CWE-276 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install location. This directory is typically mode 0700 that is owner (root) only access. However in some upgraded installations it will have other permissions such as 0755 because this was the default before Samba 4.8. Within this directory files are created with mode 0666 which is world-writable including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use th
Red Hat
samba: World writable files in Samba AD DC private/ dir
vendor_redhat·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CWE-276 samba: World writable files in Samba AD DC private/ dir
samba: World writable files in Samba AD DC private/ dir
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a private subdirectory
Debian
CVE-2019-3870: samba - A vulnerability was found in Samba from version (including) 4.9 to versions befo...
vendor_debian·2019·CVSS 6.1
CVE-2019-3870 [MEDIUM] CVE-2019-3870: samba - A vulnerability was found in Samba from version (including) 4.9 to versions befo...
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
Scope: local
bookworm: resolved (fixed in 2:4.9.5+dfsg-3)
bullseye: resolved (fixed in 2:4.9.5+dfsg-3)
forky: resolved (fixed in 2:4.9.5+dfsg-3)
sid: resolved (fixed in 2:4.9.5+dfsg-3)
trixie: resolved
GHSA
GHSA-xv9q-3jh5-9rrc: A vulnerability was found in Samba from version (including) 4
ghsa_unreviewed·2022-05-13
CVE-2019-3870 [MEDIUM] CWE-276 GHSA-xv9q-3jh5-9rrc: A vulnerability was found in Samba from version (including) 4
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
OSV
CVE-2019-3870: A vulnerability was found in Samba from version (including) 4
osv·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CVE-2019-3870: A vulnerability was found in Samba from version (including) 4
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir [fedora-29]
bugzilla·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir [fedora-29]
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir [fedora-29]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-29.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for th
Bugzilla
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
bugzilla·2019-03-14·CVSS 6.1
CVE-2019-3870 [MEDIUM] CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a the private/ subdirectory of our install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory files are created with mode 0666, that is world-writable, including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.
Discussion:
Acknowledgments:
Name: Björn Baumbach (SerNet)
---
Statement:
This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux or
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870https://bugzilla.samba.org/show_bug.cgi?id=13834https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/https://support.f5.com/csp/article/K20804356https://www.samba.org/samba/security/CVE-2019-3870.htmlhttps://www.synology.com/security/advisory/Synology_SA_19_15https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870https://bugzilla.samba.org/show_bug.cgi?id=13834https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/https://support.f5.com/csp/article/K20804356https://www.samba.org/samba/security/CVE-2019-3870.htmlhttps://www.synology.com/security/advisory/Synology_SA_19_15
2019-04-09
Published