PublicDateAtUSN: 2015-12-16
Candidate: CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
https://www.samba.org/samba/security/CVE-2015-5299.html
https://usn.ubuntu.com/usn/usn-2855-1
The shadow_copy2_get_shadow_copy_data function in
modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before
4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST
access right has been granted, which allows remote attackers to access
snapshots by visiting a shadow copy directory.
mdeslaur> 3.2.0 to 4.3.2
mdeslaur> 3.6 patch in upstream bug
https://bugzilla.samba.org/show_bug.cgi?id=11529
upstream: https://git.samba.org/?p=samba.git;a=commit;h=fa777786d75272e3190dcbd32eeff9b3e4f03bde (4.1)
upstream_samba: released (4.3.3,4.2.7,4.1.22)
precise_samba: released (2:3.6.3-2ubuntu2.13)
precise/esm_samba: released (2:3.6.3-2ubuntu2.13)
trusty_samba: released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
vivid_samba: released (2:4.1.13+dfsg-4ubuntu3.1)
vivid/stable-phone-overlay_samba: DNE
vivid/ubuntu-core_samba: DNE
wily_samba: released (2:4.1.17+dfsg-4ubuntu3.1)
xenial_samba: released (2:4.3.3+dfsg-1ubuntu1)
yakkety_samba: released (2:4.3.3+dfsg-1ubuntu1)
zesty_samba: released (2:4.3.3+dfsg-1ubuntu1)
devel_samba: released (2:4.3.3+dfsg-1ubuntu1)
upstream_samba4: released (4.3.3,4.2.7,4.1.22)
precise_samba4: ignored (reached end-of-life)
precise/esm_samba4: DNE (precise was needed)
vivid/stable-phone-overlay_samba4: DNE
vivid/ubuntu-core_samba4: DNE