CVE-2019-3880

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3880
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3880.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3880
Downstream
Related
Published
2019-04-09T16:29:01.927Z
Modified
2026-04-10T04:15:26.039287Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
a5d2b6a0228634dda3e495e0cf86db551b11e4d7
Fixed
b7e91b13d4db1ca4237077c307c4b868ba553da2
Introduced
4fc4ae2924aaa2fc184b7385069274526fa8a4c2
Fixed
dd7b68d11c0c51033cdac339ee511acbd7750ce3
Introduced
25f2fe02a615e2cf906b6fa495acd8ea0aa9998a
Fixed
17cd92e1c3672c4ffde7ca94546f57907d22262b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4fba936a8ab9afbdb7eaf2789d57850fbec35a77
Database specific 
{
    "versions": [
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "4.8.11"
        },
        {
            "introduced": "4.9.0"
        },
        {
            "fixed": "4.9.6"
        },
        {
            "introduced": "4.10.0"
        },
        {
            "fixed": "4.10.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0"
        }
    ]
}

Affected versions

ldb-1.*
ldb-1.1.0
ldb-1.1.10
ldb-1.1.11
ldb-1.1.12
ldb-1.1.13
ldb-1.1.14
ldb-1.1.15
ldb-1.1.16
ldb-1.1.17
ldb-1.1.18
ldb-1.1.19
ldb-1.1.2
ldb-1.1.20
ldb-1.1.21
ldb-1.1.22
ldb-1.1.23
ldb-1.1.25
ldb-1.1.26
ldb-1.1.27
ldb-1.1.28
ldb-1.1.29
ldb-1.1.3
ldb-1.1.30
ldb-1.1.31
ldb-1.1.4
ldb-1.1.5
ldb-1.1.6
ldb-1.1.8
ldb-1.1.9
ldb-1.2.0
ldb-1.2.1
ldb-1.2.2
ldb-1.3.0
ldb-1.3.1
ldb-1.3.3
ldb-1.3.4
ldb-1.3.6
ldb-1.3.7
ldb-1.3.8
ldb-1.4.3
ldb-1.4.4
ldb-1.4.5
ldb-1.4.6
samba-4.*
samba-4.0.0alpha10
samba-4.0.0alpha17
samba-4.0.0alpha18
samba-4.0.0alpha19
samba-4.0.0alpha20
samba-4.0.0alpha21
samba-4.0.0alpha6
samba-4.0.0alpha7
samba-4.0.0alpha8
samba-4.0.0alpha9
samba-4.0.0beta1
samba-4.0.0beta2
samba-4.0.0beta3
samba-4.0.0beta4
samba-4.0.0beta5
samba-4.0.0beta6
samba-4.0.0beta7
samba-4.0.0beta8
samba-4.0.0rc1
samba-4.10.0
samba-4.10.1
samba-4.2.0rc1
samba-4.3.0rc1
samba-4.4.0rc1
samba-4.5.0rc1
samba-4.6.0rc1
samba-4.7.0rc1
samba-4.8.0
samba-4.8.0rc1
samba-4.8.0rc2
samba-4.8.0rc3
samba-4.8.0rc4
samba-4.8.1
samba-4.8.10
samba-4.8.2
samba-4.8.3
samba-4.8.5
samba-4.8.6
samba-4.8.8
samba-4.8.9
samba-4.9.0
samba-4.9.1
samba-4.9.2
samba-4.9.4
samba-4.9.5
Other
samba-misc-tags/samba-3-0-split
talloc-1.*
talloc-1.3.1
talloc-2.*
talloc-2.0.0
talloc-2.0.7
talloc-2.0.8
talloc-2.1.0
talloc-2.1.1
talloc-2.1.10
talloc-2.1.11
talloc-2.1.2
talloc-2.1.3
talloc-2.1.4
talloc-2.1.5
talloc-2.1.6
talloc-2.1.7
talloc-2.1.8
talloc-2.1.9
tdb-1.*
tdb-1.1.5
tdb-1.2.0
tdb-1.2.1
tdb-1.2.10
tdb-1.2.11
tdb-1.2.12
tdb-1.2.13
tdb-1.3.0
tdb-1.3.1
tdb-1.3.10
tdb-1.3.11
tdb-1.3.12
tdb-1.3.13
tdb-1.3.14
tdb-1.3.15
tdb-1.3.2
tdb-1.3.3
tdb-1.3.4
tdb-1.3.5
tdb-1.3.6
tdb-1.3.7
tdb-1.3.8
tdb-1.3.9
tevent-0.*
tevent-0.9.11
tevent-0.9.12
tevent-0.9.13
tevent-0.9.14
tevent-0.9.15
tevent-0.9.16
tevent-0.9.17
tevent-0.9.18
tevent-0.9.19
tevent-0.9.20
tevent-0.9.21
tevent-0.9.22
tevent-0.9.23
tevent-0.9.24
tevent-0.9.25
tevent-0.9.26
tevent-0.9.27
tevent-0.9.28
tevent-0.9.29
tevent-0.9.30
tevent-0.9.31
tevent-0.9.32
tevent-0.9.33
tevent-0.9.34
tevent-0.9.35
tevent-0.9.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3880.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "28"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "29"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "42.3"
            }
        ]
    }
]