7.2

CVE-2015-5252

Exploit

EPSS 24.74%
Published 29.12.2015 22:59:01
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Affected products Warnungen 0 Metrics 3 CWE 0 References 27

Data is provided by the National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 3.0.0 < 4.1.22

Samba ≫ Samba Version >= 4.2.0 < 4.2.7

Samba ≫ Samba Version >= 4.3.0 < 4.3.3

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.04

Canonical ≫ Ubuntu Linux Version15.10

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	24.74%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Third Party Advisory

Mailing List

http://www.debian.org/security/2016/dsa-3433

Third Party Advisory

http://www.securitytracker.com/id/1034493

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2855-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2855-2

Third Party Advisory

https://security.gentoo.org/glsa/201612-47

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/79733

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1290288

Third Party Advisory

Issue Tracking

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e

https://www.samba.org/samba/security/CVE-2015-5252.html

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-5252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5252

EUVD