Synology-SA-19:15 Samba

Publish Time: 2019-04-09 18:15:46 UTC+8

Last Updated: 2019-05-15 17:44:41 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

CVE-2019-3880 allows remote authenticated users to create arbitrary files or obtain sensitive information via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM).

None of Synology products are affected by CVE-2019-3870 as the vulnerability only affect Samba 4.9.0 and later.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Ongoing
DSM 6.1 Moderate Will be fixed in DSM 6.2.
DSM 5.2 Moderate Will be fixed in DSM 6.2.
SkyNAS Moderate Ongoing
VS960HD Moderate Ongoing
SRM 1.2 Moderate Ongoing
Active Directory Server Not affected N/A

Mitigation

None

Detail

  • CVE-2019-3870

    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
  • CVE-2019-3880

    • Severity: Moderate
    • CVSS3 Base Score: 6.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    • A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

Reference

Revision

Revision Date Description
1 2019-04-09 Initial public release.
2 2019-05-15 Disclosed vulnerability details.