Main Vulnerability Database Vulnerabilities #VU18148

Incorrect default permissions in Samba - CVE-2019-3870

Published: April 8, 2019

Vulnerability identifier: #VU18148

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-3870

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Samba

Affected software:
Samba

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders (e.g. 0666) within installation location that are set by the application during the creation of a new Samba AD DC. A local user with access to the system can view contents of files and directories or modify them.

Note, such application behavior can occur on some upgraded Samba versions.

How to mitigate CVE-2019-3870

Install updates from vendor's website.

Sources

https://www.samba.org/samba/security/CVE-2019-3870.html

Incorrect default permissions in Samba - CVE-2019-3870

Detailed vulnerability description

How to mitigate CVE-2019-3870

Sources

Please verify you're human