CVE-2019-3870

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.1:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:42

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 - Issue Tracking, Third Party Advisory
References () https://bugzilla.samba.org/show_bug.cgi?id=13834 - Exploit, Issue Tracking, Patch, Vendor Advisory () https://bugzilla.samba.org/show_bug.cgi?id=13834 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ -
References () https://support.f5.com/csp/article/K20804356 - Third Party Advisory () https://support.f5.com/csp/article/K20804356 - Third Party Advisory
References () https://www.samba.org/samba/security/CVE-2019-3870.html - Mitigation, Patch, Vendor Advisory () https://www.samba.org/samba/security/CVE-2019-3870.html - Mitigation, Patch, Vendor Advisory
References () https://www.synology.com/security/advisory/Synology_SA_19_15 - Third Party Advisory () https://www.synology.com/security/advisory/Synology_SA_19_15 - Third Party Advisory

07 Nov 2023, 03:10

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/', 'name': 'FEDORA-2019-cacf88eabf', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/', 'name': 'FEDORA-2019-db21b5f1d2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/ -

Information

Published : 2019-04-09 16:29

Updated : 2024-11-21 04:42


NVD link : CVE-2019-3870

Mitre link : CVE-2019-3870

CVE.ORG link : CVE-2019-3870


JSON object : View

Products Affected

synology

  • vs960hd
  • skynas
  • router_manager
  • vs960hd_firmware
  • diskstation_manager
  • directory_server
  • skynas_firmware

samba

  • samba

fedoraproject

  • fedora
CWE
CWE-276

Incorrect Default Permissions