Allele Security Alert
ASA-2019-00620
Identifier(s)
ASA-2019-00620, CVE-2019-10218
Title
Client code can return filenames containing path separators
Vendor(s)
The Samba Project
Product(s)
Samba
Affected version(s)
Samba versions before 4.11.2
Samba versions before 4.10.10
Samba versions before 4.9.15
Fixed version(s)
Samba version 4.11.2
Samba version 4.10.10
Samba version 4.9.15
Proof of concept
Unknown
Description
Samba client code (libsmbclient) returns server-supplied filenames to calling code without checking for pathname separators (such as “/” or “../”) in the server returned names.
A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames.
This access is done using the local privileges of the client.
This attack can be achieved using any of SMB1/2/3 as it is not reliant on any specific SMB protocol version.
Technical details
Unknown
Credits
Michael Hanselmann
Reference(s)
Samba – Security Updates and Information
https://www.samba.org/samba/history/security.html
Client code can return filenames containing path separators
https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218
CVE-2019-10218
https://nvd.nist.gov/vuln/detail/CVE-2019-10218
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 5, 2019