7.2

CVE-2015-5252

Exploit
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.0 < 4.1.22
SambaSamba Version >= 4.2.0 < 4.2.7
SambaSamba Version >= 4.3.0 < 4.3.3
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.27% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3433
Third Party Advisory
http://www.securitytracker.com/id/1034493
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2855-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2855-2
Third Party Advisory
https://security.gentoo.org/glsa/201612-47
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/79733
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1290288
Third Party Advisory
Issue Tracking
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e
https://www.samba.org/samba/security/CVE-2015-5252.html
Vendor Advisory
Exploit