CVE-2019-3870 : A vulnerability was found in Samba from version (including) 4.9 to versions befo

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

Published 2019-04-09 16:29:02

Updated 2025-01-14 19:29:56

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-3870

Samba » Samba
Versions from including (>=) 4.10.0 and before (<) 4.10.2
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.9.0 and before (<) 4.9.6
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions
Synology » Router Manager » Version: 1.2
cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*
Matching versions
Synology » Vs960hd Firmware
Versions before (<) 2.3.6-1720
cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Synology » Vs960hd » Version: N/A
Synology » Diskstation Manager » Version: 5.2
cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*
Matching versions
Synology » Diskstation Manager » Version: 6.1
cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*
Matching versions
Synology » Diskstation Manager » Version: 6.2
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
Matching versions
Synology » Directory Server » Version: N/A
cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*
Matching versions
Synology » Skynas Firmware » Version: N/A
cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Synology » Skynas » Version: N/A

Threat overview for CVE-2019-3870

Top countries where our scanners detected CVE-2019-3870

Top open port discovered on systems with this issue 21

IPs affected by CVE-2019-3870 8,648

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-3870!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-3870

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-3870

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial
6.1	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	1.8	4.2	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
6.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	1.8	4.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2019-3870

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2019-3870

https://www.synology.com/security/advisory/Synology_SA_19_15

Synology Inc.
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

[SECURITY] Fedora 30 Update: samba-4.10.2-0.fc30 - package-announce - Fedora Mailing-Lists
https://www.samba.org/samba/security/CVE-2019-3870.html

Samba - Security Announcement Archive
Mitigation;Patch;Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/

[SECURITY] Fedora 30 Update: samba-4.10.2-0.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

[SECURITY] Fedora 29 Update: samba-4.9.6-0.fc29 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.samba.org/show_bug.cgi?id=13834

Bug 13834 – CVE-2019-3870 [SECURITY] pysmbd: missing restoration of original umask after umask(0)
Exploit;Issue Tracking;Patch;Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/

[SECURITY] Fedora 29 Update: samba-4.9.6-0.fc29 - package-announce - Fedora Mailing-Lists
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870

1689010 – (CVE-2019-3870) CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
Issue Tracking;Third Party Advisory
https://support.f5.com/csp/article/K20804356

Third Party Advisory

CVEs referencing this url