CVE-2019-9579
CVE-2019-9579 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Illumos | Illumos | All versions |
| Oracle | Solaris | 11 |
References
- https://www.illumos.org/issues/10506 (Mitigation, Patch, Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
