Home

CVE-2015-5299

Description

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
8.491

Associated Vulnerability

VulnerabilityOS Platform
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_3.6.3-2ubuntu2.13_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_3.6.3-2ubuntu2.13_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.13+dfsg-4ubuntu3.1_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.13+dfsg-4ubuntu3.1_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu2_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu3_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu2_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.17+dfsg-4ubuntu3_amd64.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.6+dfsg-1ubuntu2.14.04.11_i386.debLinux
SMB/CIFS file, print, and login server for Unix (USN-2855-1) samba_4.1.6+dfsg-1ubuntu2.14.04.11_amd64.debLinux
samba regression update(DSA-3548-3) samba_4.2.10+dfsg-0+deb8u3_i386.debLinux
samba regression update(DSA-3548-3) samba_4.2.10+dfsg-0+deb8u3_amd64.debLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Server 11-SP3 ) ldapsmb-1.34b-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libldb1-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libldb1-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libsmbclient0-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libsmbclient0-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtalloc2-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtalloc2-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtdb1-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtdb1-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtevent0-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libtevent0-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libwbclient0-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) libwbclient0-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-client-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-client-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-doc-3.6.3-64.1.noarch.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-krb-printing-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-winbind-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2016:0164-1(SUSE Linux Enterprise Desktop 11-SP3 ) samba-winbind-32bit-3.6.3-64.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) ldb-debugsource-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-32bit-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-debuginfo-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libldb1-debuginfo-32bit-1.1.24-4.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-debuginfo-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtalloc2-debuginfo-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-32bit-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-debuginfo-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtdb1-debuginfo-32bit-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-32bit-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-debuginfo-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) libtevent0-debuginfo-32bit-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-debuginfo-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) pytalloc-debuginfo-32bit-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) talloc-debugsource-2.1.5-3.4.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) tdb-debugsource-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Server 12 ) tdb-tools-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Server 12 ) tdb-tools-debuginfo-1.3.8-2.3.1.x86_64.rpmLinux
SUSE-SU-2015:2304-1(SUSE Linux Enterprise Desktop 12 ) tevent-debugsource-0.9.26-3.3.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) ldb-debugsource-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-32bit-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-debuginfo-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libldb1-debuginfo-32bit-1.1.24-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-debuginfo-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtalloc2-debuginfo-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-32bit-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-debuginfo-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtdb1-debuginfo-32bit-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-32bit-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-debuginfo-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) libtevent0-debuginfo-32bit-0.9.26-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-debuginfo-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) pytalloc-debuginfo-32bit-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) talloc-debugsource-2.1.5-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) tdb-debugsource-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Server 12-SP1 ) tdb-tools-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Server 12-SP1 ) tdb-tools-debuginfo-1.3.8-4.1.x86_64.rpmLinux
SUSE-SU-2015:2305-1(SUSE Linux Enterprise Desktop 12-SP1 ) tevent-debugsource-0.9.26-4.1.x86_64.rpmLinux
Libsmbclient update (ELSA-2018-1860) libsmbclient-3.6.23-51.0.1.el6.x86_64.rpmLinux
Libsmbclient-devel update (ELSA-2018-1860) libsmbclient-devel-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba update (ELSA-2018-1860) samba-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-client update (ELSA-2018-1860) samba-client-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-common update (ELSA-2018-1860) samba-common-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-doc update (ELSA-2018-1860) samba-doc-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-domainjoin-gui update (ELSA-2018-1860) samba-domainjoin-gui-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-glusterfs update (ELSA-2018-1860) samba-glusterfs-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-swat update (ELSA-2018-1860) samba-swat-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-winbind update (ELSA-2018-1860) samba-winbind-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-winbind-clients update (ELSA-2018-1860) samba-winbind-clients-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-winbind-devel update (ELSA-2018-1860) samba-winbind-devel-3.6.23-51.0.1.el6.x86_64.rpmLinux
Samba-winbind-krb5-locator update (ELSA-2018-1860) samba-winbind-krb5-locator-3.6.23-51.0.1.el6.x86_64.rpmLinux
Libsmbclient update (ELSA-2018-1860) libsmbclient-3.6.23-51.0.1.el6.i686.rpmLinux
Libsmbclient-devel update (ELSA-2018-1860) libsmbclient-devel-3.6.23-51.0.1.el6.i686.rpmLinux
Samba update (ELSA-2018-1860) samba-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-client update (ELSA-2018-1860) samba-client-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-common update (ELSA-2018-1860) samba-common-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-doc update (ELSA-2018-1860) samba-doc-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-domainjoin-gui update (ELSA-2018-1860) samba-domainjoin-gui-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-swat update (ELSA-2018-1860) samba-swat-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-winbind update (ELSA-2018-1860) samba-winbind-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-winbind-clients update (ELSA-2018-1860) samba-winbind-clients-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-winbind-devel update (ELSA-2018-1860) samba-winbind-devel-3.6.23-51.0.1.el6.i686.rpmLinux
Samba-winbind-krb5-locator update (ELSA-2018-1860) samba-winbind-krb5-locator-3.6.23-51.0.1.el6.i686.rpmLinux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5299)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234