Lucene search
AmazonALAS-2019-1329HistoryDec 13, 2019 - 9:18 p.m.
Medium: samba
2019-12-1321:18:00
alas.aws.amazon.com
58
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
0.002 Low
EPSS
Percentile
61.2%
Issue Overview:
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. (CVE-2019-3880)
Affected Packages:
samba
Issue Correction:
Run yum update samba to update your system.
New Packages:
i686:
samba-winbind-clients-4.9.1-6.46.amzn1.i686
samba-test-4.9.1-6.46.amzn1.i686
samba-client-4.9.1-6.46.amzn1.i686
samba-python-test-4.9.1-6.46.amzn1.i686
samba-python-4.9.1-6.46.amzn1.i686
samba-devel-4.9.1-6.46.amzn1.i686
libwbclient-devel-4.9.1-6.46.amzn1.i686
samba-winbind-krb5-locator-4.9.1-6.46.amzn1.i686
libwbclient-4.9.1-6.46.amzn1.i686
samba-winbind-modules-4.9.1-6.46.amzn1.i686
samba-4.9.1-6.46.amzn1.i686
samba-winbind-4.9.1-6.46.amzn1.i686
samba-common-tools-4.9.1-6.46.amzn1.i686
samba-test-libs-4.9.1-6.46.amzn1.i686
ctdb-tests-4.9.1-6.46.amzn1.i686
samba-client-libs-4.9.1-6.46.amzn1.i686
samba-common-libs-4.9.1-6.46.amzn1.i686
samba-libs-4.9.1-6.46.amzn1.i686
ctdb-4.9.1-6.46.amzn1.i686
libsmbclient-devel-4.9.1-6.46.amzn1.i686
samba-debuginfo-4.9.1-6.46.amzn1.i686
libsmbclient-4.9.1-6.46.amzn1.i686
samba-krb5-printing-4.9.1-6.46.amzn1.i686
noarch:
samba-pidl-4.9.1-6.46.amzn1.noarch
samba-common-4.9.1-6.46.amzn1.noarch
src:
samba-4.9.1-6.46.amzn1.src
x86_64:
samba-devel-4.9.1-6.46.amzn1.x86_64
samba-common-tools-4.9.1-6.46.amzn1.x86_64
samba-4.9.1-6.46.amzn1.x86_64
samba-winbind-4.9.1-6.46.amzn1.x86_64
samba-python-test-4.9.1-6.46.amzn1.x86_64
libwbclient-devel-4.9.1-6.46.amzn1.x86_64
samba-common-libs-4.9.1-6.46.amzn1.x86_64
libsmbclient-devel-4.9.1-6.46.amzn1.x86_64
samba-libs-4.9.1-6.46.amzn1.x86_64
samba-winbind-clients-4.9.1-6.46.amzn1.x86_64
ctdb-4.9.1-6.46.amzn1.x86_64
samba-winbind-krb5-locator-4.9.1-6.46.amzn1.x86_64
samba-test-4.9.1-6.46.amzn1.x86_64
samba-debuginfo-4.9.1-6.46.amzn1.x86_64
samba-winbind-modules-4.9.1-6.46.amzn1.x86_64
libwbclient-4.9.1-6.46.amzn1.x86_64
libsmbclient-4.9.1-6.46.amzn1.x86_64
samba-client-4.9.1-6.46.amzn1.x86_64
ctdb-tests-4.9.1-6.46.amzn1.x86_64
samba-python-4.9.1-6.46.amzn1.x86_64
samba-krb5-printing-4.9.1-6.46.amzn1.x86_64
samba-client-libs-4.9.1-6.46.amzn1.x86_64
samba-test-libs-4.9.1-6.46.amzn1.x86_64
Additional References
Red Hat: CVE-2019-3880
Mitre: CVE-2019-3880
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | samba-winbind-clients | < 4.9.1-6.46.amzn1 | samba-winbind-clients-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-test | < 4.9.1-6.46.amzn1 | samba-test-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-client | < 4.9.1-6.46.amzn1 | samba-client-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-python-test | < 4.9.1-6.46.amzn1 | samba-python-test-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-python | < 4.9.1-6.46.amzn1 | samba-python-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-devel | < 4.9.1-6.46.amzn1 | samba-devel-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libwbclient-devel | < 4.9.1-6.46.amzn1 | libwbclient-devel-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-winbind-krb5-locator | < 4.9.1-6.46.amzn1 | samba-winbind-krb5-locator-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libwbclient | < 4.9.1-6.46.amzn1 | libwbclient-4.9.1-6.46.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | samba-winbind-modules | < 4.9.1-6.46.amzn1 | samba-winbind-modules-4.9.1-6.46.amzn1.i686.rpm |
Related
suse
suse
Security update for samba (important)
2019-04-10 00:00:00
Security update for samba (moderate)
2019-04-29 00:00:00
nessus
nessus
SUSE SLES11 Security Update : samba (SUSE-SU-2019:14042-1)
2019-05-13 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2019:1203-1)
2019-05-13 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2019:1194-1)
2019-05-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1708)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-1689)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1195-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2019-3880
2019-04-08 00:00:00
cvelist
cvelist
CVE-2019-3880
2019-04-09 15:18:08
redhat
redhat
(RHSA-2019:1967) Moderate: samba security, bug fix and enhancement update
2019-07-30 10:16:50
(RHSA-2019:1966) Moderate: samba security, bug fix and enhancement update
2019-07-30 09:58:30
(RHSA-2019:3582) Moderate: samba security, bug fix, and enhancement update
2019-11-05 18:03:52
alpinelinux
alpinelinux
CVE-2019-3880
2019-04-09 16:29:01
osv
osv
CVE-2019-3880
2019-04-09 16:29:01
samba - security update
2019-04-08 00:00:00
samba - security update
2019-04-09 00:00:00
prion
prion
Design/Logic Flaw
2019-04-09 16:29:00
ibm
ibm
amazon
amazon
Medium: samba
2019-11-04 22:25:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2019-08-30 04:18:41
debian
debian
[SECURITY] [DSA 4427-1] samba security update
2019-04-08 08:26:34
[SECURITY] [DSA 4427-1] samba security update
2019-04-08 08:26:34
[SECURITY] [DLA 1754-1] samba security update
2019-04-09 20:33:14
ubuntu
ubuntu
Samba vulnerability
2019-04-08 00:00:00
Samba vulnerability
2019-04-08 00:00:00
veracode
veracode
Unauthorized File Write
2019-08-05 00:16:18
oraclelinux
oraclelinux
samba security, bug fix, and enhancement update
2019-11-14 00:00:00
samba security, bug fix, and enhancement update
2019-08-13 00:00:00
debiancve
debiancve
CVE-2019-3880
2019-04-09 16:29:01
cve
cve
CVE-2019-3880
2019-04-09 16:29:01
nvd
nvd
CVE-2019-3880
2019-04-09 16:29:01
redhatcve
redhatcve
CVE-2019-3880
2020-01-12 03:42:10
samba
samba
Save registry file outside share as unprivileged user
2019-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: samba-4.10.2-0.fc30
2019-04-13 00:10:07
[SECURITY] Fedora 29 Update: samba-4.9.6-0.fc29
2019-04-16 04:05:09
[SECURITY] Fedora 29 Update: samba-4.9.8-0.fc29
2019-05-18 03:21:47
cisa
cisa
Samba Releases Security Updates
2019-04-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
2019-04-11 00:00:00
f5
f5
K20804356 : Samba vulnerabilities CVE-2019-3870 and CVE-2019-3880
2019-05-27 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2019-05-14 00:00:00
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
0.002 Low
EPSS
Percentile
61.2%
Related for ALAS-2019-1329