SB2020042833 - Red Hat Enterprise Linux 8 update for samba
Published: April 28, 2020
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10197)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to an error related to caching of responses when the 'wide links' option is explicitly set to 'yes' and either 'unix extensions = no' or 'allow insecure wide links = yes' is set in addition. A remote attacker who does not have access to a share can send a series of requests to an SMB share and gain access to the global root directory on the system.
Successful exploitation of the vulnerability may allow an attacker to read or modify arbitrary files on the system. Note that Unix permissions enforced by the kernel still apply.
2) Path traversal (CVE-ID: CVE-2019-10218)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.
3) Improper input validation (CVE-ID: CVE-2019-14907)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of a certain user-controlled string if logging is enabled at level 3 or above. A remote attacker can send specially crafted data to the Samba DC and terminate the Samba RPC server.
Remediation
Install the update from the vendor's website.
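Until the update is installed, it helps to know which hosts have the settings named in items 1) and 3). The following is an added example, not code from this bulletin or from the Samba project: a small smb.conf audit run against a constructed sample configuration. It assumes shares inherit 'wide links' from [global] and that the highest per-class log level counts toward the "level 3 or above" condition.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} from smb.conf text."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """List shares and settings that match items 1) and 3) of the bulletin."""
    conf = parse_smb_conf(text)
    g, findings = conf.get("global", {}), []
    # Item 1: 'wide links = yes' plus 'unix extensions = no' or 'allow insecure wide links = yes'.
    enabler = (g.get("unixextensions", "").lower() in FALSE
               or g.get("allowinsecurewidelinks", "").lower() in TRUE)
    for name, params in conf.items():
        wide = params.get("widelinks", g.get("widelinks", "")).lower()
        if name != "global" and wide in TRUE and enabler:
            findings.append(f"CVE-2019-10197 precondition: share [{name}]")
    # Item 3: log level 3 or above; assumption: the highest level in "1 auth:5" counts.
    levels = [int(n) for n in re.findall(r"(?:^|[\s:])(\d+)", g.get("loglevel", ""))]
    if levels and max(levels) >= 3:
        findings.append(f"CVE-2019-14907 precondition: log level {max(levels)}")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """
[global]
    unix extensions = no
    log level = 1 auth:5
[public]
    Wide Links = Yes
[private]
    path = /srv/private
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A finding only means the configuration precondition from the bulletin is present; whether the host is still exposed depends on the installed samba package version.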