Bug 693558 (CVE-2019-10197)

Summary: <net-fs/samba-{4.9.13,4.10.8}: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: bkohler, hydrapolic, sam, samba
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [glsa+ cve]
Package list:
=net-fs/samba-4.11.6-r2 =sys-libs/ldb-2.0.8 =sys-libs/talloc-2.3.1 =sys-libs/tdb-1.4.3 =sys-libs/tevent-0.10.2 =dev-util/lttng-ust-2.8.1 =dev-libs/userspace-rcu-0.10.1 sparc
Runtime testing required: ---
Bug Depends on: 699668    
Bug Blocks: 672140, 686036, 703208    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-05 16:27:54 UTC
CVE-2019-10197 (https://nvd.nist.gov/vuln/detail/CVE-2019-10197):
  A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to
  4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in
  the samba configuration file. An unauthenticated attacker could use this
  flaw to escape the shared directory and access the contents of directories
  outside the share.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-06 07:10:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c17eeecbb77bd4261551766336a0e7a853fa490b

commit c17eeecbb77bd4261551766336a0e7a853fa490b
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-09-06 07:10:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-09-06 07:10:03 +0000

    net-fs/samba: Security bump to versions 4.9.13 and 4.10.8
    
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.75, Repoman-2.3.17
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest            |   2 +
 net-fs/samba/samba-4.10.8.ebuild | 314 +++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.9.13.ebuild | 307 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 623 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 13:40:55 UTC
@ maintainer(s): Please call for stabilization! Note that 4.11.1 is the first stable release, so I would suggest jumping to =net-fs/samba-4.11.1!
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-01 18:35:20 UTC
@ maintainers: ping.
Comment 4 Ben Kohler gentoo-dev 2020-03-02 13:05:20 UTC
What do you need from us? Stabilization is ongoing in bug 704998
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-02 14:13:49 UTC
(In reply to Ben Kohler from comment #4)
> What do you need from us? Stabilization is ongoing in bug 704998

Did not catch a new bug had been filed (I had assumed that 4.9.x or 4.10.x could be stabilised with a fix). 4.11.x is fine.
Comment 6 Jory A. Pratt gentoo-dev 2020-03-12 15:34:58 UTC
*** Bug 712252 has been marked as a duplicate of this bug. ***
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-12 17:30:15 UTC
Tested on arm64 (=net-fs/samba-4.11.6-r2) at request of Soap with a few shares. Built and worked fine.

Was not able to run tests due to RESTRICT in ebuild.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 16:19:00 UTC
Added to an existing GLSA.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:37:06 UTC
This issue was resolved and addressed in
 GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-25 16:38:26 UTC
Re-opening for remaining architectures.
Comment 11 Rolf Eike Beer archtester 2020-03-26 18:03:14 UTC
samba dropped to ~hppa, the remaining libs will be stabilized as needed. sparc stable.
Comment 12 Larry the Git Cow gentoo-dev 2020-03-26 18:54:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6b3622c3f0671c5f53f415c461dd3792e6fb388

commit d6b3622c3f0671c5f53f415c461dd3792e6fb388
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:53:42 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 18:54:11 +0000

    net-fs/samba (and deps): Stable for arm64
    
    Tested-by: sam_c (Security Padawan) <sam@cmpct.info>
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/samba-4.11.6-r2.ebuild  | 2 +-
 sys-libs/ldb/ldb-2.0.8.ebuild        | 2 +-
 sys-libs/talloc/talloc-2.3.1.ebuild  | 2 +-
 sys-libs/tdb/tdb-1.4.3.ebuild        | 2 +-
 sys-libs/tevent/tevent-0.10.2.ebuild | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
Comment 13 Larry the Git Cow gentoo-dev 2020-03-26 19:06:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83b750b0219c89cfb129250989508218559ac863

commit 83b750b0219c89cfb129250989508218559ac863
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:58:47 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 19:06:33 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest                              |  10 -
 net-fs/samba/files/nmbd.service                    |  12 -
 .../samba-4.10.0-disable_gnutls_build_fix.patch    |  32 ---
 .../samba/files/samba-4.5.1-compile_et_fix.patch   |  16 --
 .../files/samba-4.8.6-no-pydsdb-when-no-addc.patch |  36 ---
 net-fs/samba/files/samba-glibc-2.26-no_rpc.patch   |  14 -
 net-fs/samba/files/samba.service                   |  10 -
 net-fs/samba/files/smbd.service                    |  12 -
 net-fs/samba/files/smbd.socket                     |   9 -
 net-fs/samba/files/smbd_at.service                 |   7 -
 net-fs/samba/files/talloc-disable-python.patch     |  34 ---
 net-fs/samba/files/winbindd.service                |  12 -
 net-fs/samba/samba-4.10.11.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.13.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.2-r1.ebuild                | 310 --------------------
 net-fs/samba/samba-4.11.4.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.11.6.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.5.16-r1.ebuild                | 297 -------------------
 net-fs/samba/samba-4.8.12.ebuild                   | 306 --------------------
 net-fs/samba/samba-4.8.6-r4.ebuild                 | 290 -------------------
 net-fs/samba/samba-4.8.6-r5.ebuild                 | 304 --------------------
 net-fs/samba/samba-4.9.17.ebuild                   | 310 --------------------
 net-fs/samba/samba-4.9.18.ebuild                   | 310 --------------------
 23 files changed, 3591 deletions(-)
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-02 08:57:09 UTC
Tree is clean, glsa done, closing.