Path traversal in samba (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-10218 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
samba (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU22329
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10218
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.
Install update from vendor's website.
Vulnerable software versionssamba (Alpine package): 4.1.3-r0 - 4.8.12-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=2eff8a828fa8e0df24702602a7a3280016efebf3
http://git.alpinelinux.org/aports/commit/?id=4da1ee1a718f0e9dfd6a6e91f9348fa96a58567d
http://git.alpinelinux.org/aports/commit/?id=b8c29bc4a15eb1bcdc0504834b34f45348972ae1
http://git.alpinelinux.org/aports/commit/?id=1a4e1a61106f66fdcf65ec33a37a99cea23db966
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
