TTCSIRT-205.040919: TT-CSIRT Advisory – Samba Security Updates
Samba Team has released a security update stating that Samba contains an RPC endpoint emulating the Windows registry service API. One of the requests, “winreg_SaveKey”, is susceptible to a path/symlink traversal vulnerability.
Unprivileged users can use it to create a new registry hive file anywhere as they have unix permissions to create a new file within a Samba share. If they are able to create symlinks on a Samba share, they can create a new registry hive file anywhere they have write access, even outside a Samba share definition.
| Further information on this vulnerability and how it can be mitigated can be found on the Samba Website at https://www.samba.org/samba/security/CVE-2019-3880.html |