Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration from CWE/SANS.
Information

Name : CVE-2019-3880
First vendor Publication : 2019-04-09
Vendor : Cve
Last vendor Modification : 2019-05-27

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:P)
Cvss Base Score : 5.5
Cvss Impact Score : 4.9
Cvss Exploit Score : 8
Attack Range : Network
Attack Complexity : Low
Authentication : Requires single instance

Detail

A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have Unix permissions, which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3880

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-22
Name : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Application | | 432
Os | | 1
Os | | 3
Os | | 1
Os | | 1

Sources (Detail)

Source Url
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880
https://security.netapp.com/advisory/ntap-20190411-0004/
https://support.f5.com/csp/article/K20804356
https://www.synology.com/security/advisory/Synology_SA_19_15
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC https://access.redhat.com/security/cve/cve-2019-3880
https://www.samba.org/samba/security/CVE-2019-3880.html
MLIST https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
REDHAT https://access.redhat.com/errata/RHSA-2019:1966
https://access.redhat.com/errata/RHSA-2019:1967
https://access.redhat.com/errata/RHSA-2019:2099
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html

Alert History

Date Information
2019-09-07 12:10:44
  • Multiple Updates
2019-08-07 12:10:38
  • Multiple Updates
2019-07-31 12:10:46
  • Multiple Updates
2019-07-20 12:03:41
  • Multiple Updates
2019-06-20 12:09:58
  • Multiple Updates
2019-06-15 12:10:40
  • Multiple Updates
2019-06-13 12:10:10
  • Multiple Updates
2019-05-27 13:19:50
  • Multiple Updates
2019-05-16 05:18:50
  • Multiple Updates
2019-05-10 17:19:02
  • Multiple Updates
2019-04-30 09:19:27
  • Multiple Updates
2019-04-29 21:19:29
  • Multiple Updates
2019-04-18 21:19:06
  • Multiple Updates
2019-04-16 12:09:28
  • Multiple Updates
2019-04-15 17:18:51
  • Multiple Updates
2019-04-12 05:19:08
  • Multiple Updates
2019-04-10 21:19:28
  • Multiple Updates
2019-04-10 05:18:53
  • Multiple Updates
2019-04-09 21:19:54
  • First insertion