CVE-2015-5252
samba - security update
CVSS 3.1 base score: 7.2 (HIGH)
EPSS: 17.7%
Description
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
How to fix CVE-2015-5252
To remediate CVE-2015-5252, upgrade the affected package to one of the fixed versions listed below.
- Debian/samba: upgrade to 2:4.1.22+dfsg-1 or later
- upgrade to 2:3.5.6~dfsg-3squeeze13 or later
Is CVE-2015-5252 being exploited?
Moderate: EPSS is 17.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- all versions from 0 up to (but not including) 2:4.1.22+dfsg-1
- all versions from 0 up to (but not including) 2:3.5.6~dfsg-3squeeze13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.2) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |