CVE-2015-3400
Last modified
CVE-2015-3400 is a vulnerability of currently unknown severity. sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.. EPSS estimates a 1.65% chance of exploitation in the next 30 days.
Description
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zfsonlinux | Zfs | 0.6.4 |
References
- http://www.openwall.com/lists/oss-security/2015/04/22/4Mailing List, VDB Entry
- http://www.securityfocus.com/bid/74272Third Party Advisory, VDB Entry
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4Patch, Third Party Advisory
- https://github.com/zfsonlinux/zfs/issues/3319Third Party Advisory
- https://github.com/zfsonlinux/zfs/pull/2790/commitsPatch, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/04/22/4Mailing List, VDB Entry
- http://www.securityfocus.com/bid/74272Third Party Advisory, VDB Entry
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4Patch, Third Party Advisory
- https://github.com/zfsonlinux/zfs/issues/3319Third Party Advisory
- https://github.com/zfsonlinux/zfs/pull/2790/commitsPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-3400?
How severe is CVE-2015-3400?
How do I fix CVE-2015-3400?
Are you affected by CVE-2015-3400?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST