CVE-2019-3880
MEDIUMSamba 3.2.0-4.8.10 - Unauthenticated Path Traversal via Registry RPC Endpoint
Title source: llmDescription
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
References (16)
Core 16
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://www.samba.org/samba/security/CVE-2019-3880.html
Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
Mailing List, Patch, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190411-0004/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/
Third Party Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_19_15
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K20804356
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1966
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1967
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2099
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3582
Mitigation, Third Party Advisory
https://access.redhat.com/security/cve/cve-2019-3880
Scores
CVSS v3
5.4
EPSS
0.0339
EPSS Percentile
87.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Details
CWE
CWE-22
Status
published
Products (8)
debian/debian_linux
8.0
fedoraproject/fedora
28
fedoraproject/fedora
29
fedoraproject/fedora
30
opensuse/leap
42.3
redhat/enterprise_linux
7.0
redhat/gluster_storage
3.0
samba/samba
3.2.0 - 4.8.11
Published
Apr 09, 2019
Tracked Since
Feb 18, 2026