Path traversal in samba (Alpine package)

1) Path traversal

EUVDB-ID: #VU22329

Risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-10218

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.

Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.

Mitigation

Install update from vendor's website.

Vulnerable software versions

samba (Alpine package): 4.1.3-r0 - 4.8.12-r0

RoboHelp: 0.60.6-r0

CPE2.3

• cpe:2.3:a:alpine:samba_alpine_package:4.1.3-r0:*:*:*:*:alpine_linux:*:2.6
• cpe:2.3:a:alpine:samba_alpine_package:4.1.3-r1:*:*:*:*:alpine_linux:*:2.6
• cpe:2.3:a:alpine:samba_alpine_package:4.1.8-r0:*:*:*:*:alpine_linux:*:2.7
• cpe:2.3:a:adobe:robohelp:0.60.6-r0:*:*:*:*:alpine_linux:*:1.9

External links

https://git.alpinelinux.org/aports/commit/?id=2eff8a828fa8e0df24702602a7a3280016efebf3
https://git.alpinelinux.org/aports/commit/?id=4da1ee1a718f0e9dfd6a6e91f9348fa96a58567d
https://git.alpinelinux.org/aports/commit/?id=b8c29bc4a15eb1bcdc0504834b34f45348972ae1
https://git.alpinelinux.org/aports/commit/?id=1a4e1a61106f66fdcf65ec33a37a99cea23db966

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.