[3.6] samba: Save registry file outside share as unprivileged user (CVE-2019-3880)

Samba contains an RPC endpoint emulating the Windows registry service
API. One of the requests, “winreg_SaveKey”, is susceptible to a
path/symlink traversal vulnerability. Unprivileged users can use it to
create a new registry hive file anywhere they have unix permissions to
create a new file within a Samba share. If they are able to create
symlinks on a Samba share, they can create a new registry hive file
anywhere they have write access, even outside a Samba share
definition.

Affected Versions:

All versions of samba since samba 3.2.0

Fixed In Version:

samba 4.8.11, 4.9.6 and 4.10.2

References:

https://www.samba.org/samba/security/CVE-2019-3880.html
https://www.samba.org/samba/history/security.html

Patch:

https://download.samba.org/pub/samba/patches/security/samba-4.8.10-security-2019-04-08.patch

(from redmine: issue id 10250, created on 2019-04-15, closed on 2019-04-18)

Relations:
- parent #10246 (closed)
Changesets:
- Revision 95d4fe44 on 2019-04-17T09:19:32Z:

main/samba: security fix (CVE-2019-3880)

Fixes #10250

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information