Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-10218 CVE-2019-14907 |
CWE-ID | CWE-22 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | samba (Red Hat package), libtevent (Red Hat package), libtdb (Red Hat package), libtalloc (Red Hat package) | Operating systems & Components / Operating system package or component |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU22329
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-10218
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in filenames within the Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.
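The client-side check that closes this class of bug, shown as an added illustration rather than Samba's own code or the Red Hat patch: a filename received from a server is accepted only if it is exactly one path component, and the local path is built only after that check passes. The function names and the local download directory are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative check (not Samba's code): a server-supplied name is usable
 * as a local filename only if it is a single path component. The length
 * is passed explicitly because wire data may carry embedded NUL bytes. */
bool remote_name_is_safe(const char *name, size_t len)
{
    if (name == NULL || len == 0) {
        return false;                       /* empty component */
    }
    if (memchr(name, '\0', len) != NULL) {
        return false;                       /* embedded NUL would truncate */
    }
    if (memchr(name, '/', len) != NULL || memchr(name, '\\', len) != NULL) {
        return false;                       /* separator of either style */
    }
    if ((len == 1 && name[0] == '.') ||
        (len == 2 && name[0] == '.' && name[1] == '.')) {
        return false;                       /* "." and ".." */
    }
    return true;
}

/* Join the caller-chosen local directory (assumed) with a server-supplied
 * name. Returns the path length, or -1 when the name is rejected or the
 * buffer is too small, so a rejected name never becomes an open() target. */
int build_local_path(char *out, size_t outlen,
                     const char *local_dir, const char *name)
{
    if (!remote_name_is_safe(name, strlen(name))) {
        return -1;
    }
    int n = snprintf(out, outlen, "%s/%s", local_dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        return -1;                          /* truncated: refuse, do not use */
    }
    return n;
}
```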
Mitigation: Install updates from the vendor's website.
samba (Red Hat package): 4.2.4-9.1.el7rhgs - 4.9.8-109.el7rhgs
libtevent (Red Hat package): 0.9.26-1.el7rhgs - 0.9.37-3.el7rhgs
libtdb (Red Hat package): 1.3.8-1.el7rhgs - 1.3.16-3.el7rhgs
libtalloc (Red Hat package): 2.1.5-1.el7rhgs - 2.1.14-3.el7rhgs
Reference: https://access.redhat.com/errata/RHSA-2020:0943
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU24466
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-14907
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of a certain user-controlled string when logging is enabled at level 3 or above. A remote attacker can send specially crafted data to the Samba DC and terminate the Samba RPC server.
Mitigation: Install updates from the vendor's website.
samba (Red Hat package): 4.2.4-9.1.el7rhgs - 4.9.8-109.el7rhgs
libtevent (Red Hat package): 0.9.26-1.el7rhgs - 0.9.37-3.el7rhgs
libtdb (Red Hat package): 1.3.8-1.el7rhgs - 1.3.16-3.el7rhgs
libtalloc (Red Hat package): 2.1.5-1.el7rhgs - 2.1.14-3.el7rhgs
Reference: https://access.redhat.com/errata/RHSA-2020:0943
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.