Samba CVE-2015-5252 Symlink Vulnerability

Samba is prone to a symlink vulnerability.

An attacker can exploit this issue to access files outside of the restricted directory and perform other attacks.

Information

Bugtraq ID: 79733
Class: Design Error
CVE: CVE-2015-5252

Remote: Yes
Local: No
Published: Dec 29 2015 12:00AM
Updated: Apr 19 2017 03:04PM
Credit: Jan Yenya Kasprzak and the Computer Systems Unit team
Vulnerable: SuSE SUSE Linux Enterprise Server 10 SP4 LTSS
SuSE openSUSE Evergreen 11.4
Samba Samba 4.3.2
Samba Samba 4.3.1
Samba Samba 4.3
Samba Samba 4.2.6
Samba Samba 4.2.5
Samba Samba 4.2.4
Samba Samba 4.2.3
Samba Samba 4.2.2
Samba Samba 4.2.1
Samba Samba 4.2
Samba Samba 4.1.21
Samba Samba 4.1.20
Samba Samba 4.1.19
Samba Samba 4.1.18
Samba Samba 4.1.17
Samba Samba 4.1.16
Samba Samba 4.1.15
Samba Samba 4.1.14
Samba Samba 4.1.13
Samba Samba 4.1.10
Samba Samba 4.1.9
Samba Samba 4.1.7
Samba Samba 4.1.3
Samba Samba 4.1.2
Samba Samba 4.1.1
Samba Samba 4.1
Samba Samba 4.0.24
Samba Samba 4.0.23
Samba Samba 4.0.21
Samba Samba 4.0.20
Samba Samba 4.0.19
Samba Samba 4.0.18
Samba Samba 4.0.17
Samba Samba 4.0.13
Samba Samba 4.0.12
Samba Samba 4.0.10
Samba Samba 4.0.2
Samba Samba 3.6.24
Samba Samba 3.6.23
Samba Samba 3.6.22
Samba Samba 3.6.21
Samba Samba 3.6.20
Samba Samba 3.6.19
Samba Samba 3.6.12
Samba Samba 3.6.4
Samba Samba 3.6.3
Samba Samba 3.6.2
Samba Samba 3.6.1
Samba Samba 3.6
Samba Samba 3.5.22
Samba Samba 3.5.21
Samba Samba 3.5.16
Samba Samba 3.5.13
Samba Samba 3.5.9
Samba Samba 3.5.8
Samba Samba 3.5.2
Samba Samba 3.5.1
Samba Samba 3.5
Samba Samba 3.4.15
Samba Samba 3.4.14
Samba Samba 3.4.13
Samba Samba 3.4.12
Samba Samba 3.4.11
Samba Samba 3.4.10
Samba Samba 3.4.8
Samba Samba 3.4.7
Samba Samba 3.4.6
Samba Samba 3.4.5
Samba Samba 3.4.2
Samba Samba 3.4.1
Samba Samba 3.4
Samba Samba 3.3.16
Samba Samba 3.3.15
Samba Samba 3.3.14
Samba Samba 3.3.13
Samba Samba 3.3.12
Samba Samba 3.3.11
Samba Samba 3.3.10
Samba Samba 3.3.9
Samba Samba 3.3.8
Samba Samba 3.3.7
Samba Samba 3.3.6
Samba Samba 3.3.5
Samba Samba 3.3.4
Samba Samba 3.3.3
Samba Samba 3.3.1
Samba Samba 3.3
Samba Samba 3.2.15
Samba Samba 3.2.14
Samba Samba 3.2.13
Samba Samba 3.2.12
Samba Samba 3.2.11
Samba Samba 3.2.10
Samba Samba 3.2.7
Samba Samba 3.2.6
Samba Samba 3.2.5
Samba Samba 3.2.4
Samba Samba 3.2.3
Samba Samba 3.2.2
Samba Samba 3.2.1
Samba Samba 3.2
Samba Samba 3.0.37
Samba Samba 3.0.36
Samba Samba 3.0.35
Samba Samba 3.0.34
Samba Samba 3.0.33
Samba Samba 3.0.32
Samba Samba 3.0.31
Samba Samba 3.0.30
Samba Samba 3.0.29
Samba Samba 3.0.28
Samba Samba 3.0.27
Samba Samba 3.0.26
Samba Samba 3.0.25
Samba Samba 3.0.24
Samba Samba 3.0.23
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.19
Samba Samba 3.0.18
Samba Samba 3.0.17
Samba Samba 3.0.16
Samba Samba 3.0.15
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
Samba Samba 3.0.9
Samba Samba 3.0.8
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
Samba Samba 3.0.5
Samba Samba 3.0.4
Samba Samba 3.0.3
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0
Samba Samba 4.1.8
Samba Samba 4.1.6
Samba Samba 4.1.5
Samba Samba 4.1.11
Samba Samba 4.0.9
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.5
Samba Samba 4.0.4
Samba Samba 4.0.3
Samba Samba 4.0.22
Samba Samba 4.0.16
Samba Samba 4.0.15
Samba Samba 4.0.14
Samba Samba 4.0.11
Samba Samba 4.0.1
Samba Samba 4.0.0
Samba Samba 3.6.9
Samba Samba 3.6.8
Samba Samba 3.6.7
Samba Samba 3.6.6
Samba Samba 3.6.5
Samba Samba 3.6.17
Samba Samba 3.6.16
Samba Samba 3.6.15
Samba Samba 3.6.13
Samba Samba 3.6.11
Samba Samba 3.6.10
Samba Samba 3.5.7
Samba Samba 3.5.6
Samba Samba 3.5.5
Samba Samba 3.5.4
Samba Samba 3.5.3
Samba Samba 3.5.20
Samba Samba 3.5.19
Samba Samba 3.5.18
Samba Samba 3.5.15
Samba Samba 3.5.14
Samba Samba 3.5.10
Samba Samba 3.5
Samba Samba 3.4.9
Samba Samba 3.4.17
Samba Samba 3.4.16
Samba Samba 3.3.2
Samba Samba 3.2.9
Samba Samba 3.2.8
Samba Samba 3.1.0
S.u.S.E. openSUSE 13.2
S.u.S.E. openSUSE 13.1
Redhat Gluster Storage 3.1
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server EUS 6.7.z
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux Resilient Storage 7
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Oracle Solaris 11.3
Oracle Solaris 10
Oracle Linux 7
Oracle Linux 6.0
Oracle Linux 6
Oracle Advanced Support Gateway 0
IBM Storwize V7000 Unified 1.6.0.1
IBM Storwize V7000 Unified 1.6.0.0
IBM Storwize V7000 Unified 1.5.2.3
IBM Storwize V7000 Unified 1.5.2.2
IBM Storwize V7000 Unified 1.5.2.1
IBM Storwize V7000 Unified 1.5.2.0
IBM Storwize V7000 Unified 1.5.1.3
IBM Storwize V7000 Unified 1.5.1.0
IBM Storwize V7000 Unified 1.5.0.2
IBM Storwize V7000 Unified 1.5.0.1
IBM Storwize V7000 Unified 1.5.0.0
IBM Spectrum Scale 4.2
IBM Spectrum Scale 4.1.1
IBM SONAS 1.5.2.3
IBM SONAS 1.5.2.2
IBM SONAS 1.5.2.1
IBM SONAS 1.5.2.0
IBM SONAS 1.5.1.3
IBM SONAS 1.5.1.0
IBM SONAS 1.5.0.2
IBM SONAS 1.5.0.1
IBM SONAS 1.5.0.0
IBM i 7.2
HP Common Internet File System (CIFS) Server 3.2.4
HP Common Internet File System (CIFS) Client 3.2.4
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64

Not Vulnerable: Samba Samba 4.3.3
Samba Samba 4.2.7
Samba Samba 4.1.22
Oracle Solaris 11.3 SRU 6.5
Oracle Advanced Support Gateway 7.2
IBM Storwize V7000 Unified 1.5.2.4
IBM SONAS 1.5.2.4

References:

• CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share (git.samba)
  
• Samba Homepage (Samba)
  
• Insufficient symlink verification in smbd (samba)
  
• HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Byp (HP)
  
• Moderate: samba security update (Red Hat)
  
• nas8N1021062 Vulnerabilities in Samba affect IBM i (IBM)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  
• Oracle Linux Bulletin - January 2016 (Oracle)
  
• Oracle Solaris Third Party Bulletin - January 2016 (Oracle)
  
• RHSA-2016:0006-1: samba security update (Red Hat)
  
• RHSA-2016:0010-2: samba4 security update (Red Hat)
  
• RHSA-2016:0011-1: samba security update (Red Hat)
  
• ssg1S1005688:Samba vulnerability issues on IBM Storwize V7000 Unified (CVE-2015- (IBM)
  
• ssg1S1005689:Vulnerability in Samba affects IBM Spectrum Scale SMB protocol acce (IBM)
  
• ssg1S1005693:Samba vulnerability issues on IBM SONAS (CVE-2015-5252, CVE-2015-52 (IBM)
  
• ssg1S1005810: Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 (IBM)
  

Source: www.securityfocus.com