CVE-2019-3880

Public on 2019-11-04
Modified on 2019-12-19
Description
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share.
Severity
Medium
CVSS v3 Base Score
4.2
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 samba 2019-11-04 22:25 ALAS2-2019-1351
Amazon Linux 1 samba 2019-12-13 21:18 ALAS-2019-1329

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.2 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
NVD CVSSv2 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P
NVD CVSSv3 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L