CVE-2019-10197 — samba - security update

Description

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.

How to fix CVE-2019-10197

To remediate CVE-2019-10197, upgrade the affected package to a fixed version below.

—upgrade to 4.10.8-r0 or later
—upgrade to 2:4.9.13+dfsg-1 or later
—upgrade to 2:4.9.5+dfsg-5+deb10u1 or later

Is CVE-2019-10197 being exploited?

Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 4.10.8-r0
from 0, < 2:4.9.13+dfsg-1
from 0, < 2:4.9.5+dfsg-5+deb10u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2019-10197
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-10197