vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-12-29 22:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5252
Mitre link : CVE-2015-5252
CVE.ORG link : CVE-2015-5252
JSON object : View
Products Affected
samba
- samba
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls