← voltar
CVE-2019-3880

CVE-2019-3880

CVSS 4.2 MEDIUMEPSS 3.4%CWE-22
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.2EPSS 3.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
09 abr 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Produtos afetados
The Samba Project · samba

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00106.htmlhttps://access.redhat.com/errata/RHSA-2019:1966https://access.redhat.com/errata/RHSA-2019:1967https://access.redhat.com/errata/RHSA-2019:2099https://access.redhat.com/errata/RHSA-2019:3582https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3880https://lists.debian.org/debian-lts-announce/2019/04/msg00013.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRLRO7BPRFETVFZ4TVJL2VFZEPHKJY4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/https://security.netapp.com/advisory/ntap-20190411-0004/