Lucene search

K

[email protected]CVE-2015-5252

HistoryDec 29, 2015 - 10:59 p.m.

CVE-2015-5252

2015-12-2922:59:00

CWE-264

[email protected]

web.nvd.nist.gov

82

2

samba

cve-2015-5252

file access

remote attack

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.6%

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

CPENameOperatorVersion
samba:sambasambalt4.3.3
samba:sambasambalt4.2.7
samba:sambasambalt4.1.22
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0

References

lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

www.debian.org/security/2016/dsa-3433

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/79733

www.securitytracker.com/id/1034493

www.ubuntu.com/usn/USN-2855-1

www.ubuntu.com/usn/USN-2855-2

bugzilla.redhat.com/show_bug.cgi?id=1290288

git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

security.gentoo.org/glsa/201612-47

www.samba.org/samba/security/CVE-2015-5252.html

Social References

More

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.6%

Related for CVE-2015-5252

checkpoint_advisories1 veracode5 ubuntucve1 ibm2 openvas30 samba1 debiancve1 cvelist1 prion1 f52 nessus37 osv3 debian5 redhat5 suse10 centos3 oraclelinux4 amazon1 mageia1 altlinux4 ubuntu2 freebsd1 gentoo1 oracle1