CVE-2015-5299

Priority
Description
The shadow_copy2_get_shadow_copy_data function in
modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before
4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST
access right has been granted, which allows remote attackers to access
snapshots by visiting a shadow copy directory.
Assigned-to
mdeslaur
Notes
mdeslaur3.2.0 to 4.3.2
3.6 patch in upstream bug
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.3.3,4.2.7,4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.6.3-2ubuntu2.13)
Ubuntu 14.04 ESM (Trusty Tahr):released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Upstream:https://git.samba.org/?p=samba.git;a=commit;h=fa777786d75272e3190dcbd32eeff9b3e4f03bde (4.1)
Package
Upstream:released (4.3.3,4.2.7,4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-12-05 18:42:21 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)