what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2019-10218

Status Candidate

Overview

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Related Files

Red Hat Security Advisory 2020-1878-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1878-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-10197, CVE-2019-10218, CVE-2019-14907
SHA-256 | b758726fc3dce1df9cf3678855e1f4627e7cead9fa6c32ac4e71014542d6e216
Red Hat Security Advisory 2020-1084-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1084-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-10197, CVE-2019-10218
SHA-256 | 7659b09d14aa50b4555dd269f0fcd7b7a94baa59c950ce2148deab5166d174e9
Red Hat Security Advisory 2020-0943-01
Posted Mar 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0943-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and various information. The Samba packages have been upgraded to upstream version 4.10.4, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-10218, CVE-2019-14907
SHA-256 | 271e4ed1417c47864bce4636b7fbd69dec3e8f00fc38cb11abd4401e37c6655a
Ubuntu Security Notice USN-4167-2
Posted Oct 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4167-2 - USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Various other issues were also addressed.

tags | advisory, remote, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-10218, CVE-2019-14847
SHA-256 | b5fb0142cc993c986386d3ffec9da13cd0602f1b07d4c30053d11a3bbcb90d49
Ubuntu Security Notice USN-4167-1
Posted Oct 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4167-1 - Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. Simon Fonteneau and Bjoern Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
SHA-256 | ef19bb6d0495cb9e8b6742c4abe83117b6c43a9bc24e0152f873865b854071c3
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close