Samba CVE-2015-5252 Symlink Vulnerability



Samba is prone to a symlink vulnerability.

An attacker can exploit this issue to access files outside of the restricted directory and perform other attacks.

Information

Bugtraq ID: 79733
Class: Design Error
CVE: CVE-2015-5252

Remote: Yes
Local: No
Published: Dec 29 2015 12:00AM
Updated: Apr 19 2017 03:04PM
Credit: Jan Yenya Kasprzak and the Computer Systems Unit team
Vulnerable: SuSE SUSE Linux Enterprise Server 10 SP4 LTSS
SuSE openSUSE Evergreen 11.4
Samba Samba 4.3.2
Samba Samba 4.3.1
Samba Samba 4.3
Samba Samba 4.2.6
Samba Samba 4.2.5
Samba Samba 4.2.4
Samba Samba 4.2.3
Samba Samba 4.2.2
Samba Samba 4.2.1
Samba Samba 4.2
Samba Samba 4.1.21
Samba Samba 4.1.20
Samba Samba 4.1.19
Samba Samba 4.1.18
Samba Samba 4.1.17
Samba Samba 4.1.16
Samba Samba 4.1.15
Samba Samba 4.1.14
Samba Samba 4.1.13
Samba Samba 4.1.10
Samba Samba 4.1.9
Samba Samba 4.1.7
Samba Samba 4.1.3
Samba Samba 4.1.2
Samba Samba 4.1.1
Samba Samba 4.1
Samba Samba 4.0.24
Samba Samba 4.0.23
Samba Samba 4.0.21
Samba Samba 4.0.20
Samba Samba 4.0.19
Samba Samba 4.0.18
Samba Samba 4.0.17
Samba Samba 4.0.13
Samba Samba 4.0.12
Samba Samba 4.0.10
Samba Samba 4.0.2
Samba Samba 3.6.24
Samba Samba 3.6.23
Samba Samba 3.6.22
Samba Samba 3.6.21
Samba Samba 3.6.20
Samba Samba 3.6.19
Samba Samba 3.6.12
Samba Samba 3.6.4
Samba Samba 3.6.3
Samba Samba 3.6.2
Samba Samba 3.6.1
Samba Samba 3.6
Samba Samba 3.5.22
Samba Samba 3.5.21
Samba Samba 3.5.16
Samba Samba 3.5.13
Samba Samba 3.5.9
Samba Samba 3.5.8
Samba Samba 3.5.2
Samba Samba 3.5.1
Samba Samba 3.5
Samba Samba 3.4.15
Samba Samba 3.4.14
Samba Samba 3.4.13
Samba Samba 3.4.12
Samba Samba 3.4.11
Samba Samba 3.4.10
Samba Samba 3.4.8
Samba Samba 3.4.7
Samba Samba 3.4.6
Samba Samba 3.4.5
Samba Samba 3.4.2
Samba Samba 3.4.1
Samba Samba 3.4
Samba Samba 3.3.16
Samba Samba 3.3.15
Samba Samba 3.3.14
Samba Samba 3.3.13
Samba Samba 3.3.12
Samba Samba 3.3.11
Samba Samba 3.3.10
Samba Samba 3.3.9
Samba Samba 3.3.8
Samba Samba 3.3.7
Samba Samba 3.3.6
Samba Samba 3.3.5
Samba Samba 3.3.4
Samba Samba 3.3.3
Samba Samba 3.3.1
Samba Samba 3.3
Samba Samba 3.2.15
Samba Samba 3.2.14
Samba Samba 3.2.13
Samba Samba 3.2.12
Samba Samba 3.2.11
Samba Samba 3.2.10
Samba Samba 3.2.7
Samba Samba 3.2.6
Samba Samba 3.2.5
Samba Samba 3.2.4
Samba Samba 3.2.3
Samba Samba 3.2.2
Samba Samba 3.2.1
Samba Samba 3.2
Samba Samba 3.0.37
Samba Samba 3.0.36
Samba Samba 3.0.35
Samba Samba 3.0.34
Samba Samba 3.0.33
Samba Samba 3.0.32
Samba Samba 3.0.31
Samba Samba 3.0.30
Samba Samba 3.0.29
Samba Samba 3.0.28
Samba Samba 3.0.27
Samba Samba 3.0.26
Samba Samba 3.0.25
Samba Samba 3.0.24
Samba Samba 3.0.23
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.19
Samba Samba 3.0.18
Samba Samba 3.0.17
Samba Samba 3.0.16
Samba Samba 3.0.15
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
Samba Samba 3.0.9
Samba Samba 3.0.8
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
Samba Samba 3.0.5
Samba Samba 3.0.4
Samba Samba 3.0.3
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0
Samba Samba 4.1.8
Samba Samba 4.1.6
Samba Samba 4.1.5
Samba Samba 4.1.11
Samba Samba 4.0.9
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.5
Samba Samba 4.0.4
Samba Samba 4.0.3
Samba Samba 4.0.22
Samba Samba 4.0.16
Samba Samba 4.0.15
Samba Samba 4.0.14
Samba Samba 4.0.11
Samba Samba 4.0.1
Samba Samba 4.0.0
Samba Samba 3.6.9
Samba Samba 3.6.8
Samba Samba 3.6.7
Samba Samba 3.6.6
Samba Samba 3.6.5
Samba Samba 3.6.17
Samba Samba 3.6.16
Samba Samba 3.6.15
Samba Samba 3.6.13
Samba Samba 3.6.11
Samba Samba 3.6.10
Samba Samba 3.5.7
Samba Samba 3.5.6
Samba Samba 3.5.5
Samba Samba 3.5.4
Samba Samba 3.5.3
Samba Samba 3.5.20
Samba Samba 3.5.19
Samba Samba 3.5.18
Samba Samba 3.5.15
Samba Samba 3.5.14
Samba Samba 3.5.10
Samba Samba 3.5
Samba Samba 3.4.9
Samba Samba 3.4.17
Samba Samba 3.4.16
Samba Samba 3.3.2
Samba Samba 3.2.9
Samba Samba 3.2.8
Samba Samba 3.1.0
S.u.S.E. openSUSE 13.2
S.u.S.E. openSUSE 13.1
Redhat Gluster Storage 3.1
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server EUS 6.7.z
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux Resilient Storage 7
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Oracle Solaris 11.3
Oracle Solaris 10
Oracle Linux 7
Oracle Linux 6.0
Oracle Linux 6
Oracle Advanced Support Gateway 0
IBM Storwize V7000 Unified 1.6.0.1
IBM Storwize V7000 Unified 1.6.0.0
IBM Storwize V7000 Unified 1.5.2.3
IBM Storwize V7000 Unified 1.5.2.2
IBM Storwize V7000 Unified 1.5.2.1
IBM Storwize V7000 Unified 1.5.2.0
IBM Storwize V7000 Unified 1.5.1.3
IBM Storwize V7000 Unified 1.5.1.0
IBM Storwize V7000 Unified 1.5.0.2
IBM Storwize V7000 Unified 1.5.0.1
IBM Storwize V7000 Unified 1.5.0.0
IBM Spectrum Scale 4.2
IBM Spectrum Scale 4.1.1
IBM SONAS 1.5.2.3
IBM SONAS 1.5.2.2
IBM SONAS 1.5.2.1
IBM SONAS 1.5.2.0
IBM SONAS 1.5.1.3
IBM SONAS 1.5.1.0
IBM SONAS 1.5.0.2
IBM SONAS 1.5.0.1
IBM SONAS 1.5.0.0
IBM i 7.2
HP Common Internet File System (CIFS) Server 3.2.4
HP Common Internet File System (CIFS) Client 3.2.4
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64


Not Vulnerable: Samba Samba 4.3.3
Samba Samba 4.2.7
Samba Samba 4.1.22
Oracle Solaris 11.3 SRU 6.5
Oracle Advanced Support Gateway 7.2
IBM Storwize V7000 Unified 1.5.2.4
IBM SONAS 1.5.2.4



Related Posts

Comments