Lucene search

[email protected]CVE-2015-5252

HistoryDec 29, 2015 - 10:59 p.m.

CVE-2015-5252

2015-12-2922:59:01

CWE-264

[email protected]

web.nvd.nist.gov

samba

cve-2015-5252

file access

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Affected configurations

NVD

Node

sambasambaRange3.0.0–4.1.22

sambasambaRange4.2.0–4.2.7

sambasambaRange4.3.0–4.3.3

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

CPENameOperatorVersion
samba:sambasambalt4.1.22
samba:sambasambalt4.2.7
samba:sambasambalt4.3.3

CPE	Name	Operator	Version
samba:samba	samba	lt	4.1.22
samba:samba	samba	lt	4.2.7
samba:samba	samba	lt	4.3.3

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

www.debian.org/security/2016/dsa-3433

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/79733

www.securitytracker.com/id/1034493

www.ubuntu.com/usn/USN-2855-1

www.ubuntu.com/usn/USN-2855-2

bugzilla.redhat.com/show_bug.cgi?id=1290288

git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

security.gentoo.org/glsa/201612-47

www.samba.org/samba/security/CVE-2015-5252.html

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2015-5252

samba1 openvas30 cvelist1 debiancve1 ubuntucve1 checkpoint_advisories1 ibm2 veracode5 nvd1 prion1 f52 suse10 debian5 redhat5 osv3 nessus38 centos3 oraclelinux4 amazon1 mageia1 altlinux4 ubuntu2 freebsd1 gentoo1 oracle1