Information Disclosure

2020-11-0905:13:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

samba is vulnerable to information disclosure. A missing permissions check on a directory handle requesting ChangeNotify meant that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only.

CPENameOperatorVersion
samba:3.12eq4.12.2-r1
samba:xenialeq2:4.3.11+dfsg-0ubuntu0.16.04.29
samba:xenialeq2:4.3.8+dfsg-0ubuntu1
samba:bioniceq2:4.7.6+dfsg~ubuntu-0ubuntu2.18
samba:bioniceq2:4.7.6+dfsg~ubuntu-0ubuntu2
samba:focaleq2:4.11.6+dfsg-0ubuntu1
samba:focaleq2:4.11.6+dfsg-0ubuntu1.4
samba:groovyeq2:4.12.5+dfsg-3ubuntu3
samba:develeq2:4.12.5+dfsg-3ubuntu3
samba:stretcheq2:4.5.16+dfsg-1+deb9u2

Name	Operator	Version
samba:3.12	eq	4.12.2-r1
samba:xenial	eq	2:4.3.11+dfsg-0ubuntu0.16.04.29
samba:xenial	eq	2:4.3.8+dfsg-0ubuntu1
samba:bionic	eq	2:4.7.6+dfsg~ubuntu-0ubuntu2.18
samba:bionic	eq	2:4.7.6+dfsg~ubuntu-0ubuntu2
samba:focal	eq	2:4.11.6+dfsg-0ubuntu1
samba:focal	eq	2:4.11.6+dfsg-0ubuntu1.4
samba:groovy	eq	2:4.12.5+dfsg-3ubuntu3
samba:devel	eq	2:4.12.5+dfsg-3ubuntu3
samba:stretch	eq	2:4.5.16+dfsg-1+deb9u2