SB2020032708 - Red Hat Gluster Storage 3 update for samba 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020032708

SB2020032708 - Red Hat Gluster Storage 3 update for samba

Published: March 27, 2020

Security Bulletin ID SB2020032708
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2019-10218)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.

Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.


2) Improper input validation (CVE-ID: CVE-2019-14907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of certain user-controlled string, if logging is enabled at level 3 or above. A remote attacker can send specially crafted data to the Samba DC and terminate Samba RPC server.

Remediation

Install update from vendor's website.

References