CVE-2019-3870

MEDIUM

Samba 4.9.0-4.9.6 - Incorrect Default Permissions in AD DC Installation Directory

Title source: llm
STIX 2.1

Description

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

References (7)

Core 7
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://www.samba.org/samba/security/CVE-2019-3870.html
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.samba.org/show_bug.cgi?id=13834
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870
Third Party Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_19_15
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K20804356

Scores

CVSS v3 6.1
EPSS 0.0055
EPSS Percentile 68.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-276
Status published
Products (10)
fedoraproject/fedora 29
fedoraproject/fedora 30
samba/samba 4.9.0 - 4.9.6
synology/directory_server
synology/diskstation_manager 5.2
synology/diskstation_manager 6.1
synology/diskstation_manager 6.2
synology/router_manager 1.2
synology/skynas_firmware
synology/vs960hd_firmware < 2.3.6-1720
Published Apr 09, 2019
Tracked Since Feb 18, 2026