Your submission was sent successfully! Close

CVE-2019-3880

Published: 8 April 2019

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
samba
Launchpad, Ubuntu, Debian
bionic
Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.9)
cosmic
Released (2:4.8.4+dfsg-2ubuntu2.3)
precise
Released (2:3.6.25-0ubuntu0.12.04.17)
trusty
Released (2:4.3.11+dfsg-0ubuntu0.14.04.20)
upstream
Released (4.8.11,4.9.6,4.10.2)
xenial
Released (2:4.3.11+dfsg-0ubuntu0.16.04.19)