The development team behind Samba issued software updates yesterday in order to patch a pair of vulnerabilities in the free re-implementation of the SMB networking protocol.
The first vulnerability, CVE-2019-3870, occurs in Samba versions 4.9.x upon the provisioning of a new Active Directory domain controller. During this process, some files in the private/ directory are created such that they are world-writable. Discovered by BjÃjrn Baumbach of the Samba Team and SerNet, the flaw is remedied by Samba releases 4.9.6 and 4.10.2.
These same two software releases also fix a second bug, CVE-2019-3880, which was found in all versions of Samba since 3.2.0. Reported by Michael Hanselmann, this problem can allow authenticated users with write permissions to “trigger a symlink traversal to write or detect files outside the Samba share,” according to Samba developers.