#VU32349 Information disclosure in Samba - CVE-2015-5299


| Updated: 2020-07-28

Vulnerability identifier: #VU32349

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-5299

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 4.1.0 - 4.1.21, 4.2.0 - 4.2.6, 4.3.0 - 4.3.2

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.debian.org/security/2016/dsa-3433
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://www.securityfocus.com/bid/79729
https://www.securitytracker.com/id/1034493
https://www.ubuntu.com/usn/USN-2855-1
https://www.ubuntu.com/usn/USN-2855-2
https://bugzilla.redhat.com/show_bug.cgi?id=1276126
https://git.samba.org/?p=samba.git;a=commit;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-5299.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE HP-UX CIFS-Server (Samba)
Information disclosure in samba (Alpine package)
SUSE Linux update for samba
Amazon Linux AMI update for samba
SUSE Linux update for samba
Information disclosure in Samba
OpenSUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent