Vulnerability CVE-2015-5252: Information

Description

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Published: Dec. 30, 2015
Modified: Nov. 7, 2023
Error type identifier: CWE-264

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| samba | sisyphus | 4.3.3-alt1 | 4.19.6-alt1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
| samba | p10 | 4.3.3-alt1 | 4.19.6-alt1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
| samba | p9 | 4.3.3-alt1 | 4.14.10-alt2 | ALT-PU-2015-2138-1 | 155040 | Fixed |
| samba | c10f1 | 4.3.3-alt1 | 4.16.11-alt2 | ALT-PU-2015-2138-1 | 155040 | Fixed |
| samba | c9f2 | 4.3.3-alt1 | 4.14.14-alt0.c9.1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
| samba | c7 | 4.1.22-alt0.M70C.2 | 4.6.15-alt1.M70C.1 | ALT-PU-2015-2143-1 | 155076 | Fixed |
| samba-DC | c7 | 4.3.3-alt0.M70C.1 | 4.6.15-alt1.M70C.1 | ALT-PU-2015-2142-1 | 155076 | Fixed |

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1290288
  • Issue Tracking
  • Third Party Advisory
https://www.samba.org/samba/security/CVE-2015-5252.html
  • Exploit
  • Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  • Third Party Advisory
79733
  • Third Party Advisory
  • VDB Entry
openSUSE-SU-2016:1064
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2016:1106
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2016:1107
  • Mailing List
  • Third Party Advisory
SUSE-SU-2016:1105
  • Mailing List
  • Third Party Advisory
USN-2855-2
  • Third Party Advisory
FEDORA-2015-0e0879cc8a
  • Third Party Advisory
USN-2855-1
  • Third Party Advisory
1034493
  • Third Party Advisory
  • VDB Entry
SUSE-SU-2015:2305
  • Mailing List
  • Third Party Advisory
DSA-3433
  • Third Party Advisory
SUSE-SU-2016:0032
  • Mailing List
  • Third Party Advisory
FEDORA-2015-b36076d32e
  • Third Party Advisory
SUSE-SU-2016:0164
  • Mailing List
  • Third Party Advisory
SUSE-SU-2015:2304
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2015:2356
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2015:2354
  • Mailing List
  • Third Party Advisory
GLSA-201612-47
  • Third Party Advisory
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=4278ef25f64d5fdbf432ff1534e275416ec9561e
        Configuration 1

        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.3.0
        End excluding
        4.3.3

        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        4.2.0
        End excluding
        4.2.7

        cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
        Start including
        3.0.0
        End excluding
        4.1.22

        Configuration 2

        cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

        Configuration 3

        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

        cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*