CVE-2015-5299
MEDIUMCVSS 5.3/10EPSS 13.33%
Last modified
CVE-2015-5299 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.. EPSS estimates a 13.33% chance of exploitation in the next 30 days.
Description
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 3.0.20, < 4.1.22 |
| Samba | Samba | >= 4.2.0, < 4.2.7 |
| Samba | Samba | >= 4.3.0, < 4.3.3 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 15.04 |
| Canonical | Ubuntu Linux | 15.10 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlMailing List, Third Party Advisory
- http://www.debian.org/security/2016/dsa-3433Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.securityfocus.com/bid/79729Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034493Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2855-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2855-2Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1276126Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/201612-47Third Party Advisory
- https://www.samba.org/samba/security/CVE-2015-5299.htmlVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlMailing List, Third Party Advisory
- http://www.debian.org/security/2016/dsa-3433Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.securityfocus.com/bid/79729Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1034493Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2855-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2855-2Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1276126Issue Tracking, Third Party Advisory
- https://security.gentoo.org/glsa/201612-47Third Party Advisory
- https://www.samba.org/samba/security/CVE-2015-5299.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-5299?
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
How severe is CVE-2015-5299?
CVE-2015-5299 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 13.33% probability of exploitation in the next 30 days.
How do I fix CVE-2015-5299?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-5299?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST