CVE-2019-10197
Public on 2019-09-03
Modified on 2020-08-31
Description
A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | samba | 2020-08-26 | ALAS-2020-1424 | Fixed |
| Amazon Linux 2 - Core | samba | 2020-07-14 | ALAS2-2020-1459 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| NVD | CVSSv2 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| NVD | CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |