Open Source Samba is used by IBM Netezza Host Mangement. IBM Netezza Host Management has provided mitigation for the applicable CVE.
CVEID: CVE-2019-3880 DESCRIPTION: Samba could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted “winreg_SaveKey” request to create a new registry hive file outside a Samba share.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159188> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
None
Mitigation of the reported CVE CVE-2019-3880 on following platforms :
PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100
PureData System for Analytics N200x and N3001
Execute below steps using “root” user on both ha1/ha2 hosts
Step 1. Check if Samba module is installed in the host
[host]# rpm -qa | grep samba
Step 2. Check if Samba service is running
[host]# /etc/init.d/smb status
Step 3. If Samba service is running, stop the smb service
[host]# /etc/init.d/smb stop
Step 4. Backup the /etc/samba/smb.conf file
[host]# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
Step 5. Edit the /etc/samba/smb.conf and set parameter as below:
Either turn off SMB1 by setting the global parameter:
#============ Global Settings ==========
[global]
min protocol = SMB2
OR,
if SMB1 is required turn off unix extensions by setting the global parameter:
[global]
unix extensions = no
Step 6. Start the smb services using below command:
[host]# /etc/init.d/smb start
Note : If samba configuration file smb.conf is changed/modified in future, please verify if above settings is changed. If changed please make sure to mitigate this issue by following steps 2 to 6.
CPE | Name | Operator | Version |
---|---|---|---|
ibm puredata system | eq | any |