Bug 693558 (CVE-2019-10197) - <net-fs/samba-{4.9.13,4.10.8}: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197)
Summary: <net-fs/samba-{4.9.13,4.10.8}: Combination of parameters and permissions can ...
Status: CONFIRMED
Alias: CVE-2019-10197
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [stable glsa+ cve]
Keywords: STABLEREQ
Duplicates: 712252
Depends on: 699668
Blocks: 703208 CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857 686036
Reported: 2019-09-05 16:27 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-28 18:50 UTC

See Also:
Package list:
=net-fs/samba-4.11.6-r2 =sys-libs/ldb-2.0.8 =sys-libs/talloc-2.3.1 =sys-libs/tdb-1.4.3 =sys-libs/tevent-0.10.2 =dev-util/lttng-ust-2.8.1 =dev-libs/userspace-rcu-0.10.1 sparc
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-09-05 16:27:54 UTC
CVE-2019-10197 (https://nvd.nist.gov/vuln/detail/CVE-2019-10197):
  A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to
  4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in
  the samba configuration file. An unauthenticated attacker could use this
  flaw to escape the shared directory and access the contents of directories
  outside the share.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-06 07:10:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c17eeecbb77bd4261551766336a0e7a853fa490b

commit c17eeecbb77bd4261551766336a0e7a853fa490b
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-09-06 07:10:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-09-06 07:10:03 +0000

    net-fs/samba: Security bump to versions 4.9.13 and 4.10.8
    
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.75, Repoman-2.3.17
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest            |   2 +
 net-fs/samba/samba-4.10.8.ebuild | 314 +++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.9.13.ebuild | 307 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 623 insertions(+)
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-10-26 13:40:55 UTC
@ maintainer(s): Please call for stabilization! Note that 4.11.1 is the first stable release, so I would suggest jumping to =net-fs/samba-4.11.1!
Comment 3 Sam James (sam_c) (security padawan) 2020-03-01 18:35:20 UTC
@ maintainers: ping.
Comment 4 Ben Kohler gentoo-dev 2020-03-02 13:05:20 UTC
What do you need from us? Stabilization is ongoing in bug 704998
Comment 5 Sam James (sam_c) (security padawan) 2020-03-02 14:13:49 UTC
(In reply to Ben Kohler from comment #4)
> What do you need from us? Stabilization is ongoing in bug 704998

Did not catch that a new bug had been filed (I had assumed that 4.9.x or 4.10.x could be stabilised with a fix). 4.11.x is fine.
Comment 6 Jory A. Pratt gentoo-dev 2020-03-12 15:34:58 UTC
*** Bug 712252 has been marked as a duplicate of this bug. ***
Comment 7 Sam James (sam_c) (security padawan) 2020-03-12 17:30:15 UTC
Tested on arm64 (=net-fs/samba-4.11.6-r2) at request of Soap with a few shares. Built and worked fine.

Was not able to run tests due to RESTRICT in ebuild.
Comment 8 Thomas Deutschmann gentoo-dev Security 2020-03-25 16:19:00 UTC
Added to an existing GLSA.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-03-25 16:37:06 UTC
This issue was resolved and addressed in
 GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 10 Thomas Deutschmann gentoo-dev Security 2020-03-25 16:38:26 UTC
Re-opening for remaining architectures.
Comment 11 Rolf Eike Beer 2020-03-26 18:03:14 UTC
samba dropped to ~hppa, the remaining libs will be stabilized as needed. sparc stable.
Comment 12 Larry the Git Cow gentoo-dev 2020-03-26 18:54:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6b3622c3f0671c5f53f415c461dd3792e6fb388

commit d6b3622c3f0671c5f53f415c461dd3792e6fb388
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:53:42 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 18:54:11 +0000

    net-fs/samba (and deps): Stable for arm64
    
    Tested-by: sam_c (Security Padawan) <sam@cmpct.info>
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/samba-4.11.6-r2.ebuild  | 2 +-
 sys-libs/ldb/ldb-2.0.8.ebuild        | 2 +-
 sys-libs/talloc/talloc-2.3.1.ebuild  | 2 +-
 sys-libs/tdb/tdb-1.4.3.ebuild        | 2 +-
 sys-libs/tevent/tevent-0.10.2.ebuild | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
Comment 13 Larry the Git Cow gentoo-dev 2020-03-26 19:06:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83b750b0219c89cfb129250989508218559ac863

commit 83b750b0219c89cfb129250989508218559ac863
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-03-26 18:58:47 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-26 19:06:33 +0000

    net-fs/samba: Security cleanup
    
    Bug: https://bugs.gentoo.org/693558
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest                              |  10 -
 net-fs/samba/files/nmbd.service                    |  12 -
 .../samba-4.10.0-disable_gnutls_build_fix.patch    |  32 ---
 .../samba/files/samba-4.5.1-compile_et_fix.patch   |  16 --
 .../files/samba-4.8.6-no-pydsdb-when-no-addc.patch |  36 ---
 net-fs/samba/files/samba-glibc-2.26-no_rpc.patch   |  14 -
 net-fs/samba/files/samba.service                   |  10 -
 net-fs/samba/files/smbd.service                    |  12 -
 net-fs/samba/files/smbd.socket                     |   9 -
 net-fs/samba/files/smbd_at.service                 |   7 -
 net-fs/samba/files/talloc-disable-python.patch     |  34 ---
 net-fs/samba/files/winbindd.service                |  12 -
 net-fs/samba/samba-4.10.11.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.13.ebuild                  | 317 ---------------------
 net-fs/samba/samba-4.10.2-r1.ebuild                | 310 --------------------
 net-fs/samba/samba-4.11.4.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.11.6.ebuild                   | 313 --------------------
 net-fs/samba/samba-4.5.16-r1.ebuild                | 297 -------------------
 net-fs/samba/samba-4.8.12.ebuild                   | 306 --------------------
 net-fs/samba/samba-4.8.6-r4.ebuild                 | 290 -------------------
 net-fs/samba/samba-4.8.6-r5.ebuild                 | 304 --------------------
 net-fs/samba/samba-4.9.17.ebuild                   | 310 --------------------
 net-fs/samba/samba-4.9.18.ebuild                   | 310 --------------------
 23 files changed, 3591 deletions(-)