CVE-2015-5299

2015-12-1600:00:00

ubuntu.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

The shadow_copy2_get_shadow_copy_data function in
modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before
4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST
access right has been granted, which allows remote attackers to access
snapshots by visiting a shadow copy directory.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=11529>

Notes

Author	Note
mdeslaur	3.2.0 to 4.3.2 3.6 patch in upstream bug

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchsamba< 2:3.6.3-2ubuntu2.13UNKNOWN
ubuntu14.04noarchsamba< 2:4.1.6+dfsg-1ubuntu2.14.04.11UNKNOWN
ubuntu15.04noarchsamba< 2:4.1.13+dfsg-4ubuntu3.1UNKNOWN
ubuntu15.10noarchsamba< 2:4.1.17+dfsg-4ubuntu3.1UNKNOWN
ubuntu16.04noarchsamba< 2:4.3.3+dfsg-1ubuntu1UNKNOWN
ubuntu16.10noarchsamba< 2:4.3.3+dfsg-1ubuntu1UNKNOWN
ubuntu17.04noarchsamba< 2:4.3.3+dfsg-1ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	samba	< 2:3.6.3-2ubuntu2.13	UNKNOWN
ubuntu	14.04	noarch	samba	< 2:4.1.6+dfsg-1ubuntu2.14.04.11	UNKNOWN
ubuntu	15.04	noarch	samba	< 2:4.1.13+dfsg-4ubuntu3.1	UNKNOWN
ubuntu	15.10	noarch	samba	< 2:4.1.17+dfsg-4ubuntu3.1	UNKNOWN
ubuntu	16.04	noarch	samba	< 2:4.3.3+dfsg-1ubuntu1	UNKNOWN
ubuntu	16.10	noarch	samba	< 2:4.3.3+dfsg-1ubuntu1	UNKNOWN
ubuntu	17.04	noarch	samba	< 2:4.3.3+dfsg-1ubuntu1	UNKNOWN