Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-145A3E17-CEA2-11E9-81E2-005056A311D1 (CVE-2019-10197): samba -- combination of parameters and permissions can allow user to escape from the share path definition

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

FreeBSD: VID-145A3E17-CEA2-11E9-81E2-005056A311D1 (CVE-2019-10197): samba -- combination of parameters and permissions can allow user to escape from the share path definition

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
09/01/2019
Created
09/05/2019
Added
09/04/2019
Modified
09/17/2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-145A3E17-CEA2-11E9-81E2-005056A311D1:

The samba project reports:

On a Samba SMB server for all versions of Samba from 4.9.0 clients are

able to escape outside the share root directory if certain

configuration parameters set in the smb.conf file.

Solution(s)

  • freebsd-upgrade-package-samba410

References

  • CVE-2019-10197

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;