Wind River Support Network

HomeDefectsLIN8-10756
Fixed

LIN8-10756 : Security Advisory - samba - CVE-2019-3880

Created: Apr 10, 2019    Updated: May 15, 2019
Resolved Date: Apr 19, 2019
Found In Version: unknown
Fix Version: 8.0.0.30
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-3880 User=admin}

CVEs


Live chat
Online