The Samba-Bugzilla – Attachment 15018 Details for
Bug 13834
CVE-2019-3870 [SECURITY] pysmbd: missing restoration of original umask after umask(0)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
advisory with CVE (v5)
CVE-2019-3870-advisory-05.txt (text/plain), 2.65 KB, created by
Andrew Bartlett
on 2019-03-29 04:26:32 UTC
(
hide
)
Description:
advisory with CVE (v5)
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2019-03-29 04:26:32 UTC
Size:
2.65 KB
patch
obsolete
>=========================================================== >== Subject: World writable files in Samba AD DC private/ dir >== >== CVE ID#: CVE-2019-3870 >== >== Versions: Samba 4.9 and later >== >== Summary: During the provision of a new Active Directory > DC, some files in the private/ directory are > created world-writable. >=========================================================== > >=========== >Description >=========== > >During the creation of a new Samba AD DC, files are created in a the >private/ subdirectory of our install location. This directory is >typically mode 0700, that is owner (root) only access. However in >some upgraded installations it will have other permissions, such as >0755, because this was the default before Samba 4.8. > >Within this directory files are created with mode 0666, >that is world-writable, including a sample krb5.conf and the list of >DNS names and servicePrincipalName values to update. > >================== >Patch Availability >================== > >Patches addressing both these issues have been posted to: > > http://www.samba.org/samba/security/ > >Additionally, Samba 4.9.6 and 4.10.2 have been issued >as security releases to correct the defect. Samba administrators are >advised to upgrade to these releases or apply the patch as soon >as possible. > >================== >CVSSv3 calculation >================== > >CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H > >This score is calculated based on modification to the dns_update_list or >spn_update_list files in a default configuration. > >Administrators who rely on these files in other ways might have a higher score. >For example, the sample krb5.conf might be read as input to Kerberos tools or >used as the system-wide krb5.conf (potentially via a symlink). > >=============================== >Required steps (and workaround) >=============================== > >Upgrading Samba will not change the file or directory permissions for >an existing installation, it will just avoid the issue for new >installations. > >Assuming Samba is installed in the default location as root run: > > chmod 0700 /usr/local/samba/private > >The private directory can be found in the listing from > smbd -b| grep PRIVATE_DIR > >Alternatively remove world-write permission from any files with: > chmod o-w /usr/local/samba/private/* > >======= >Credits >======= > >Originally reported by Björn Baumbach of the Samba Team and SerNet. > >Patches provided by Andrew Bartlett of the Samba Team and Catalyst, >advisory written by Andrew Bartlett of the Samba Team and Catalyst. > >========================================================== >== Our Code, Our Bugs, Our Responsibility. >== The Samba Team >========================================================== >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15018">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
dbagnall
:
review+
abartlet
:
review+
Actions:
View
Attachments on
bug 13834
:
14923
|
14928
|
14929
|
14930
|
14931
|
14932
|
14968
|
14985
|
14986
|
14987
|
14988
|
14989
|
14990
|
14995
|
15018
|
15029