CVE-2015-5252

Priority
Description
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and
4.3.x before 4.3.3, when share names with certain substring relationships
exist, allows remote attackers to bypass intended file-access restrictions
via a symlink that points outside of a share.
Assigned-to
mdeslaur
Notes
mdeslaur: says 3.0.0 to 4.3.2
3.6 patch in upstream bug
original patch introduced a regression, see usn-2855-2
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): released (2:3.6.3-2ubuntu2.13)
Ubuntu 14.04 ESM (Trusty Tahr): released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=f0cb216f6385460d4d3c728257baaaa26a95c5d1 (4.1)
Package
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-12-05 18:42:19 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)