Vulnerability Description
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | < 4.9.15 |
| Fedoraproject | Fedora | 29 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.samba.org/samba/security/CVE-2019-10218.htmlVendor Advisory
- https://www.synology.com/security/advisory/Synology_SA_19_35
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2019-10218?
CVE-2019-10218 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cli...
How severe is CVE-2019-10218?
CVE-2019-10218 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10218?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Fedoraproject Fedora.