CVE-2015-5299
Published: 16 December 2015
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Notes
| Author | Note |
|---|---|
| mdeslaur | 3.2.0 to 4.3.2 3.6 patch in upstream bug |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
samba Launchpad, Ubuntu, Debian |
upstream |
Released
(4.3.3,4.2.7,4.1.22)
|
| precise |
Released
(2:3.6.3-2ubuntu2.13)
|
|
| trusty |
Released
(2:4.1.6+dfsg-1ubuntu2.14.04.11)
|
|
| wily |
Released
(2:4.1.17+dfsg-4ubuntu3.1)
|
|
| xenial |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
| yakkety |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
| zesty |
Released
(2:4.3.3+dfsg-1ubuntu1)
|
|
| vivid |
Released
(2:4.1.13+dfsg-4ubuntu3.1)
|
|
|
Patches: upstream: https://git.samba.org/?p=samba.git;a=commit;h=fa777786d75272e3190dcbd32eeff9b3e4f03bde (4.1) |
||
|
samba4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.3.3,4.2.7,4.1.22)
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |