CVE-2015-5252 : vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with cert

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Published 2015-12-29 22:59:01

Updated 2022-08-29 20:26:23

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-5252

Probability of exploitation activity in the next 30 days: 1.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-5252

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	3.9	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2015-5252

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5252

https://security.gentoo.org/glsa/201612-47

Samba: Multiple vulnerabilities (GLSA 201612-47) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html

[security-announce] SUSE-SU-2016:0164-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3433

Debian -- Security Information -- DSA-3433-1 samba
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

[security-announce] openSUSE-SU-2015:2354-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

[security-announce] openSUSE-SU-2016:1064-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html

[SECURITY] Fedora 23 Update: samba-4.3.3-0.fc23
Third Party Advisory

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthoriz
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

[security-announce] SUSE-SU-2015:2304-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html

[security-announce] SUSE-SU-2016:1105-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

[security-announce] openSUSE-SU-2015:2356-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

[security-announce] SUSE-SU-2015:2305-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html

[SECURITY] Fedora 22 Update: samba-4.2.7-0.fc22
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2855-2

USN-2855-2: Samba regression | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html

[security-announce] SUSE-SU-2016:0032-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/79733

Samba CVE-2015-5252 Symlink Vulnerability
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016
Third Party Advisory

CVEs referencing this url
https://www.samba.org/samba/security/CVE-2015-5252.html

Samba - Security Announcement Archive
Exploit;Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

Oracle Solaris Bulletin - January 2016
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

[security-announce] openSUSE-SU-2016:1106-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1034493

Samba Multiple Flaws Let Remote Users Access Data and Files, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1290288

1290288 – (CVE-2015-5252) CVE-2015-5252 samba: Insufficient symlink verification in smbd
Issue Tracking;Third Party Advisory
https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e

git.samba.org - samba.git/commit
Patch;Vendor Advisory
http://www.ubuntu.com/usn/USN-2855-1

USN-2855-1: Samba vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

[security-announce] openSUSE-SU-2016:1107-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2015-5252

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.3.0 and before (<) 4.3.3
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.2.0 and before (<) 4.2.7
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 3.0.0 and before (<) 4.1.22
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-5252

Exploit prediction scoring system (EPSS) score for CVE-2015-5252

CVSS scores for CVE-2015-5252

CWE ids for CVE-2015-5252

References for CVE-2015-5252

Products affected by CVE-2015-5252