Samba CVE-2019-3870 Local Insecure File Permissions Vulnerability

Samba is prone to a local insecure-file-permissions vulnerability.

A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks.

Information

Bugtraq ID: 107798
Class: Design Error
CVE: CVE-2019-3870

Remote: No
Local: Yes
Published: Apr 08 2019 12:00AM
Updated: Apr 08 2019 12:00AM
Credit: Björn Baumbach
Vulnerable: Samba Samba 4.10.1
Samba Samba 4.9.5
Samba Samba 4.9.4
Samba Samba 4.9.3
Samba Samba 4.9.2
Samba Samba 4.9.1
Samba Samba 4.9
Samba Samba 4.10

Not Vulnerable: Samba Samba 4.10.2
Samba Samba 4.9.6

Exploit

An attacker can exploit this issue using readily available tools.

References:

• Bug 1689010 (CVE-2019-3870) - CVE-2019-3870 samba: World writable files in Samba (Samba)
  
• CVE-2019-3870 (Red Hat Bugzilla)
  
• CVE-2019-3870 [SECURITY] pysmbd: missing restoration of original umask after uma (Samba)
  
• Samba Homepage (Samba)
  
• World writable files in Samba AD DC private/ dir (Samba)
  

Source: www.securityfocus.com