#VU32349 Information disclosure in Samba


Published: 2015-12-30 | Updated: 2020-07-28

Vulnerability identifier: #VU32349

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5299

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 4.1.0 - 4.1.21, 4.2.0 - 4.2.6, 4.3.0 - 4.3.2

External links
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.debian.org/security/2016/dsa-3433
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/79729
http://www.securitytracker.com/id/1034493
http://www.ubuntu.com/usn/USN-2855-1
http://www.ubuntu.com/usn/USN-2855-2
http://bugzilla.redhat.com/show_bug.cgi?id=1276126
http://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
http://security.gentoo.org/glsa/201612-47
http://www.samba.org/samba/security/CVE-2015-5299.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE HP-UX CIFS-Server (Samba)
Information disclosure in samba (Alpine package)
SUSE Linux update for samba
Amazon Linux AMI update for samba
SUSE Linux update for samba
Information disclosure in Samba
OpenSUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent