Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3880

Опубликовано: 09 апр. 2019
Источник: nvd
CVSS3: 4.2
CVSS3: 5.4
CVSS2: 5.5
EPSS Низкий

Описание

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 3.2.0 (включая) до 4.8.11 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.9.0 (включая) до 4.9.6 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.10.0 (включая) до 4.10.2 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03388
Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2019-3880

CVSS3: 5.4
ubuntu
почти 7 лет назад

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

redhat логотип

CVE-2019-3880

CVSS3: 4.2
redhat
почти 7 лет назад

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

debian логотип

CVE-2019-3880

CVSS3: 5.4
debian
почти 7 лет назад

A flaw was found in the way samba implemented an RPC endpoint emulatin ...

suse-cvrf логотип

openSUSE-SU-2019:1292-1

suse-cvrf
почти 7 лет назад

Security update for samba

suse-cvrf логотип

openSUSE-SU-2019:1180-1

suse-cvrf
почти 7 лет назад

Security update for samba

EPSS

Процентиль: 87%
0.03388
Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22
CWE-22