CVE-2019-3880
CVE-2019-3880
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected products
The Samba Project · sambaWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.htmlhttps://access.redhat.com/errata/RHSA-2019:1966https://access.redhat.com/errata/RHSA-2019:1967https://access.redhat.com/errata/RHSA-2019:2099https://access.redhat.com/errata/RHSA-2019:3582https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880https://lists.debian.org/debian-lts-announce/2019/04/msg00013.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/https://security.netapp.com/advisory/ntap-20190411-0004/