Security Bulletin: Vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2015-5252)

Summary

A Samba vulnerability which could allow a remote attacker to launch a symlink attack affects IBM Spectrum Scale SMB protocol access method.

Vulnerability Details

CVEID: CVE-2015-5252 DESCRIPTION: Samba could allow a remote attacker to launch a symlink attack, caused by the improper verification of symlinks by the smbd server. An attacker could exploit this vulnerability to gain access to files located outside of the exported share path.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109137 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Spectrum Scale V4.1.1 and V4.2 Standard and Advanced Editions

Remediation/Fixes

Install the latest update for your level of IBM Spectrum Scale.

For V4.2.0.0 thru V4.2.0.1, obtain V4.2.0.2 from Fix Central at:

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.0&platform=All&function=all

• * For V4.1.1,0 thru V4.1.1.4, obtain V4.1.1.5 from Fix Central at[:](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all>)
  

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

Workarounds and Mitigations

None