CVE-2019-3880

Summary

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Affected Software

VendorProductVersion RangeStatus
The Samba Projectsamba4.8.11affected
The Samba Projectsamba4.9.6affected
The Samba Projectsamba4.10.2affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References