Vulnerability CVE-2015-5252: Information
Description
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.3.3-alt1 | 4.19.6-alt1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
samba | p10 | 4.3.3-alt1 | 4.19.6-alt1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
samba | p9 | 4.3.3-alt1 | 4.14.10-alt2 | ALT-PU-2015-2138-1 | 155040 | Fixed |
samba | c10f1 | 4.3.3-alt1 | 4.16.11-alt2 | ALT-PU-2015-2138-1 | 155040 | Fixed |
samba | c9f2 | 4.3.3-alt1 | 4.14.14-alt0.c9.1 | ALT-PU-2015-2138-1 | 155040 | Fixed |
samba | c7 | 4.1.22-alt0.M70C.2 | 4.6.15-alt1.M70C.1 | ALT-PU-2015-2143-1 | 155076 | Fixed |
samba-DC | c7 | 4.3.3-alt0.M70C.1 | 4.6.15-alt1.M70C.1 | ALT-PU-2015-2142-1 | 155076 | Fixed |