{"containers": {"cna": {"affected": [{"product": "samba", "vendor": "The Samba Project", "versions": [{"status": "affected", "version": "4.9.6"}, {"status": "affected", "version": "4.10.2"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-04T18:00:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2019-cacf88eabf", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"}, {"name": "FEDORA-2019-db21b5f1d2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K20804356"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3870", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "samba", "version": {"version_data": [{"version_value": "4.9.6"}, {"version_value": "4.10.2"}]}}]}, "vendor_name": "The Samba Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."}]}, "impact": {"cvss": [[{"vectorString": "6.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2019-cacf88eabf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"}, {"name": "FEDORA-2019-db21b5f1d2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"}, {"name": "https://www.samba.org/samba/security/CVE-2019-3870.html", "refsource": "MISC", "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"}, {"name": "https://bugzilla.samba.org/show_bug.cgi?id=13834", "refsource": "MISC", "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_15", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"}, {"name": "https://support.f5.com/csp/article/K20804356", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K20804356"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.603Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2019-cacf88eabf", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"}, {"name": "FEDORA-2019-db21b5f1d2", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K20804356"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3870", "datePublished": "2019-04-09T15:17:43", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB5809AF-3124-4475-A102-896C8909149C", "versionEndExcluding": "4.9.6", "versionStartIncluding": "4.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "08F84037-A781-469C-B023-952B56E0C26E", "versionEndExcluding": "4.10.2", "versionStartIncluding": "4.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "83512426-0B96-43E2-AFBA-592B25E61676", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "416E0865-B437-493B-AE38-C24B6037B78E", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "752FBED9-088B-495C-ACF2-F281C0A8F807", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "022A0BC6-2C70-406D-8D60-EC6F9F6A90CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "85F6D2BF-23EA-4D44-8126-64EA85184D38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "53EF087B-D7E9-4F9A-803A-B0260C495C67", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0A88A76-CF8A-4D29-B480-E5317219072D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F300E1F1-D61A-46A6-8A9E-F3270CFA77F6", "versionEndExcluding": "2.3.6-1720", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Samba desde la versi\u00f3n 4.9 (incluida) hasta las versiones anteriores a la 4.9.6 y 4.10.2. Durante la creaci\u00f3n de un nuevo Samba AD DC, los archivos se crean en un subdirectorio privado de la ubicaci\u00f3n de instalaci\u00f3n. Este directorio es t\u00edpicamente el modo 0700, es decir, acceso s\u00f3lo para administradores (root). Sin embargo, en algunas instalaciones actualizadas tendr\u00e1 otros permisos, como el 0755, ya que \u00e9ste era el predeterminado en versiones de Samba anteriores a la 4.8. Dentro de este directorio, los archivos se crean con el modo 0666, en el que cualquiera puede escribir, incluyendo un ejemplo de krb5.conf, y la lista de nombres DNS y valores de servicePrincipalName para actualizar."}], "id": "CVE-2019-3870", "lastModified": "2023-11-07T03:10:15.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T16:29:01.867", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K20804356"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Bj\u00f6rn Baumbach (SerNet) for reporting this issue.", "bugzilla": {"description": "samba: World writable files in Samba AD DC private/ dir", "id": "1689010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689010"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-276", "details": ["A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.", "A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."], "name": "CVE-2019-3870", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-04-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3870\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3870\nhttps://bugzilla.samba.org/show_bug.cgi?id=13834\nhttps://www.samba.org/samba/security/CVE-2019-3870.html"], "statement": "This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux or Red Hat Gluster Storage 3 as they did not include support for Active Directory Domain Controller.", "threat_severity": "Moderate", "upstream_fix": "samba 4.9.6, samba 4.10.2"}