Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-9579

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).

Published

2022-12-26T20:15:10.383

Last Modified

2025-04-14T17:15:23.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	illumos	illumos	-	Yes
Application	nexenta	nexentastor	4.0.5	No
Application	nexenta	nexentastor	5.1.2	No
Operating System	oracle	solaris	11	Yes

References

https://www.illumos.org/issues/10506 Mitigation, Patch, Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory ([email protected])
https://www.illumos.org/issues/10506 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)