enterprise-support team mailing list archive

Thread
Date

[Bug 1842533] [NEW] CVE-2019-10197 restricted share escape by user

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <1842533@xxxxxxxxxxxxxxxxxx>
Date: Wed, 04 Sep 2019 02:28:18 -0000
Reply-to: Bug 1842533 <1842533@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

samba (2:4.10.7+dfsg-0ubuntu2) eoan; urgency=medium

  * SECURITY UPDATE: restricted share escape by user
    - debian/patches/CVE-2019-10197-01-v4-10.patch: smbd: separate
      out impersonation debug info into a new function.
    - debian/patches/CVE-2019-10197-02-v4-10.patch: smbd: make sure that
      change_to_user_internal() always resets current_user.done_chdir
    - debian/patches/CVE-2019-10197-03-v4-10.patch: smbd: make sure we
      reset current_user.{need,done}_chdir in become_root()
    - debian/patches/CVE-2019-10197-04-v4-10.patch: selftest: make
      fsrvp_share its own independent subdirectory
    - debian/patches/CVE-2019-10197-05-v4-10.patch:
      test_smbclient_s3.sh: add regression test for the no permission
      on share root problem
    - debian/patches/CVE-2019-10197-06-v4-10.patch: smbd: split
      change_to_user_impersonate() out of change_to_user_internal()
    - CVE-2019-10197

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Fri, 30 Aug 2019 11:07:19 -0700

** Affects: samba
     Importance: Unknown
         Status: Unknown

** Affects: samba (Ubuntu)
     Importance: Undecided
     Assignee: Bryce Harrington (bryce)
         Status: In Progress

** Bug watch added: Samba Bugzilla #14035
   https://bugzilla.samba.org/show_bug.cgi?id=14035

** Also affects: samba via
   https://bugzilla.samba.org/show_bug.cgi?id=14035
   Importance: Unknown
       Status: Unknown

** Information type changed from Public to Private Security

** Changed in: samba (Ubuntu)
       Status: New => In Progress

** Changed in: samba (Ubuntu)
     Assignee: (unassigned) => Bryce Harrington (bryce)

** Summary changed:

- CVE-2019-10197
+ CVE-2019-10197 restricted share escape by user

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1842533

Title:
  CVE-2019-10197 restricted share escape by user

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1842533/+subscriptions

Follow ups

[Bug 1842533] Re: CVE-2019-10197 restricted share escape by user
From: Launchpad Bug Tracker, 2019-09-04