Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-5299

Опубликовано: 29 дек. 2015
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 5
CVSS3: 5.3

Описание

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

РелизСтатусПримечание
devel

released

2:4.3.3+dfsg-1ubuntu1
esm-infra-legacy/trusty

released

2:4.1.6+dfsg-1ubuntu2.14.04.11
esm-infra/xenial

released

2:4.3.3+dfsg-1ubuntu1
precise

released

2:3.6.3-2ubuntu2.13
precise/esm

not-affected

2:3.6.3-2ubuntu2.13
trusty

released

2:4.1.6+dfsg-1ubuntu2.14.04.11
trusty/esm

released

2:4.1.6+dfsg-1ubuntu2.14.04.11
upstream

released

4.3.3,4.2.7,4.1.22
vivid

released

2:4.1.13+dfsg-4ubuntu3.1
vivid/stable-phone-overlay

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

DNE

trusty/esm

DNE

upstream

released

4.3.3,4.2.7,4.1.22
vivid

DNE

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.11003
Средний

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-5299

redhat
больше 9 лет назад

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

nvd логотип

CVE-2015-5299

CVSS3: 5.3
nvd
больше 9 лет назад

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

debian логотип

CVE-2015-5299

CVSS3: 5.3
debian
больше 9 лет назад

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_c ...

github логотип

GHSA-f55c-cff2-h6j3

CVSS3: 5.3
github
больше 3 лет назад

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

fstec логотип

BDU:2021-01297

CVSS3: 5.3
fstec
больше 9 лет назад

Уязвимость функции shadow_copy2_get_shadow_copy_data пакета программ сетевого взаимодействия Samba, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 93%
0.11003
Средний

5 Medium

CVSS2

5.3 Medium

CVSS3