Menü Schließen

Samba 4.10.2 – 4.9.6 – 4.8.11 Security Release

Samba Logo

Die Entwickler des beliebten Open-Source Dateiserver und Domaincontroller für Linux, haben ein Security Release für die aktuellen Zweige veröffentlicht. Das Update behebt die gefundenen Sicherheitsprobleme laut CVE-2019-3870 und CVE-2019-3880.

Samba Security Update CVE-2019-3870

During the creation of a new Samba AD DC, files are created in a the private/ subdirectory of our install location.  
This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8.
Within this directory files are created with mode 0666, that is world-writable, including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.

Samba Security Update CVE-2019-3870

Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, "winreg_SaveKey", is susceptible to a path/symlink traversal vulnerability. Unprivileged users can use it to create a new registry hive file anywhere they have unix permissions to create a new file within a Samba share. If they are able to create symlinks on a Samba share, they can create a new registry hive file anywhere they have write access, even outside a Samba share definition. 
Note - existing share restrictions such as "read only" or share ACLs do *not* prevent new registry hive files being written to the filesystem. A file may be written under any share definition wherever the user has unix permissions to create a file.
Existing files cannot be overwritten using this vulnerability, only new registry hive files can be created, however the presence of existing files with a specific name can be detected.
Samba writes or detects the file as the authenticated user, not as root.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert