CVE-2019-10197

CRITICAL9.1EPSS 4.8%

samba - security update

發布日:2019/9/3修改日:2026/4/28

描述

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

受影響套件(3)

Alpine/sambafrom 0, < 4.10.8-r0
Debian/sambafrom 0, < 2:4.9.13+dfsg-1
Debian/sambafrom 0, < 2:4.9.5+dfsg-5+deb10u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-10197
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-10197