CVE-2019-10197

MEDIUM

Samba <4.9.13-4.11.0rc3 - Path Traversal

Title source: llm

Description

A flaw was found in Samba versions 4.9.x up to 4.9.13, 4.10.x up to 4.10.8 and 4.11.x up to 4.11.0rc3 when certain parameters are set in the Samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

References (15)

Core References
Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190903-0001/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4121-1/
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/4
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4513
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K69511801
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3253
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:4023
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-52

Scores

CVSS v3 6.5
EPSS 0.0479
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-22
Status published
Products (6)
canonical/ubuntu_linux 19.04
debian/debian_linux 10.0
samba/samba 4.9.0 rc1 (5 CPE variants)
samba/samba 4.10.0 rc1 (4 CPE variants)
samba/samba 4.11.0 (4 CPE variants)
samba/samba 4.9.0 - 4.9.13
Published Sep 03, 2019
Tracked Since Feb 18, 2026