CVE-2015-5252
Published: 16 December 2015
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Notes
| Author | Note |
|---|---|
| mdeslaur | says 3.0.0 to 4.3.2 3.6 patch in upstream bug original patch introduced a regression, see usn-2855-2 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
samba Launchpad, Ubuntu, Debian |
precise |
Released
(2:3.6.3-2ubuntu2.13)
|
| trusty |
Released
(2:4.1.6+dfsg-1ubuntu2.14.04.11)
|
|
| upstream |
Released
(4.3.3,4.2.7,4.1.22)
|
|
| vivid |
Released
(2:4.1.13+dfsg-4ubuntu3.1)
|
|
| wily |
Released
(2:4.1.17+dfsg-4ubuntu3.1)
|
|
| xenial |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
| yakkety |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
| zesty |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
|
Patches: upstream: https://git.samba.org/?p=samba.git;a=commit;h=f0cb216f6385460d4d3c728257baaaa26a95c5d1 |
||
|
samba4 Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.3.3,4.2.7,4.1.22)
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.2 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |