{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "SAMBA", "versions": [{"status": "affected", "version": "samba 4.9.x up to 4.9.13"}, {"status": "affected", "version": "samba 4.10.x up to 4.10.8"}, {"status": "affected", "version": "samba 4.11.x up to 4.11.0rc3"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-25T18:06:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"}, {"tags": ["x_refsource_MISC"], "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"}, {"name": "USN-4121-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4121-1/"}, {"name": "20190904 [SECURITY] [DSA 4513-1] samba security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/4"}, {"name": "DSA-4513", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4513"}, {"name": "openSUSE-SU-2019:2142", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"}, {"name": "FEDORA-2019-e3e521e5b3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"}, {"name": "FEDORA-2019-eb1e982800", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"}, {"name": "FEDORA-2019-41c7fa478a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K69511801"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "RHSA-2019:3253", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3253"}, {"name": "RHSA-2019:4023", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4023"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-52"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "samba", "version": {"version_data": [{"version_value": "samba 4.9.x up to 4.9.13"}, {"version_value": "samba 4.10.x up to 4.10.8"}, {"version_value": "samba 4.11.x up to 4.11.0rc3"}]}}]}, "vendor_name": "SAMBA"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"}, {"name": "https://www.samba.org/samba/security/CVE-2019-10197.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190903-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"}, {"name": "USN-4121-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4121-1/"}, {"name": "20190904 [SECURITY] [DSA 4513-1] samba security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/4"}, {"name": "DSA-4513", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4513"}, {"name": "openSUSE-SU-2019:2142", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"}, {"name": "FEDORA-2019-e3e521e5b3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"}, {"name": "FEDORA-2019-eb1e982800", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"}, {"name": "FEDORA-2019-41c7fa478a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"}, {"name": "https://support.f5.com/csp/article/K69511801", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K69511801"}, {"name": "https://support.f5.com/csp/article/K69511801?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support&utm_medium=RSS"}, {"name": "RHSA-2019:3253", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3253"}, {"name": "RHSA-2019:4023", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4023"}, {"name": "GLSA-202003-52", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-52"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:18.912Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"}, {"name": "USN-4121-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4121-1/"}, {"name": "20190904 [SECURITY] [DSA 4513-1] samba security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/4"}, {"name": "DSA-4513", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4513"}, {"name": "openSUSE-SU-2019:2142", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"}, {"name": "FEDORA-2019-e3e521e5b3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"}, {"name": "FEDORA-2019-eb1e982800", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"}, {"name": "FEDORA-2019-41c7fa478a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K69511801"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "RHSA-2019:3253", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3253"}, {"name": "RHSA-2019:4023", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4023"}, {"name": "GLSA-202003-52", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-52"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10197", "datePublished": "2019-09-03T14:50:27", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:18.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "65C21A32-9985-426A-A16F-30B0F58BA953", "versionEndIncluding": "4.9.13", "versionStartIncluding": "4.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCB3F24-4220-42C4-9896-03AE9C5D6175", "versionEndIncluding": "4.10.8", "versionStartIncluding": "4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8A746181-E573-4080-A96B-B5C47A00DD96", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "280C0C80-3E4E-4E2A-BEB3-2E17D1B1E675", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A0D28AE7-4CCD-41DB-9863-FF2990D316F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "F37B907F-6E7A-4FA4-828C-327AA838AB02", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.9.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "C8665763-B246-40DB-92A3-57CFCD4E70F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "31966B4C-81C4-4C65-B127-A918EA50863E", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "BB58CF2F-D1E1-4459-AEC8-A8C3F53D9028", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "846B3FA6-9799-412D-B36E-DE56F889CC7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.10.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "854212A7-CFCE-4C1D-9C9B-8C98C69604B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "36AAA8FC-627F-4928-853C-1B785D1E33C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D75D1E2C-C220-41E1-903E-5908D8F53373", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ACC5280F-160C-4835-A9FB-3D5F625BB073", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "05A7E021-6CAA-4581-A274-996E0A69967C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share."}, {"lang": "es", "value": "Se ha encontrado un error en Samba en las versiones 4.9.x hasta 4.9.13, samba versiones 4.10.x hasta 4.10.8 y samba versiones 4.11.x hasta 4.11.0rc3, cuando ciertos par\u00e1metros se establecieron en el archivo de configuraci\u00f3n de samba. Un atacante no autenticado podr\u00eda usar este defecto para escapar del directorio compartido y acceder al contenido de los directorios fuera del recurso compartido."}], "id": "CVE-2019-10197", "lastModified": "2023-11-07T03:02:26.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-09-03T15:15:11.223", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:3253"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:4023"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/4"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202003-52"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190903-0001/"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K69511801"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K69511801?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4121-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4513"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2019-10197.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:1084", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.10.4-10.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-31T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "openchange-0:2.3-24.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.11.2-13.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openchange-0:2.3-24.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1878", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.11.2-13.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2019:4023", "cpe": "cpe:/a:redhat:storage:3.5:samba:el6", "package": "samba-0:4.9.8-110.el6rhs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 6", "release_date": "2019-12-02T00:00:00Z"}, {"advisory": "RHSA-2019:3253", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "samba-0:4.9.8-109.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2019-10-30T00:00:00Z"}], "bugzilla": {"description": "samba: Combination of parameters and permissions can allow user to escape from the share path definition", "id": "1746225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746225"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.", "A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share."], "mitigation": {"lang": "en:us", "value": "The following methods can be used as a mitigation (only one is needed):\n1. Use the 'sharesec' tool to configure a security descriptor for the share that's at least as strict as the permissions on the share root directory.\n2. Use the 'valid users' option to allow only users/groups which are able to enter the share root directory.\n3. Remove 'wide links = yes' if it's not really needed.\n4. In some situations it might be an option to use 'chmod a+x' on the share root directory, but you need to make sure that files and subdirectories are protected by stricter permissions. You may also want to 'chmod a-w' in order to prevent new top level files and directories, which may have less restrictive permissions."}, "name": "CVE-2019-10197", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-09-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10197\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10197\nhttps://www.samba.org/samba/security/CVE-2019-10197.html"], "statement": "Only samba configurations where 'wide links' option is explicitly set to 'yes' is affected by this flaw. Therefore default configurations of samba package shipped with Red Hat Products are not affected.\nThis vulnerability exists in the samba server, client side packages are not affected.", "threat_severity": "Moderate", "upstream_fix": "samba 4.9.13, samba 4.10.8, samba 4.11.0rc3"}