The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2015-12-29 22:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-5299
Mitre link : CVE-2015-5299
CVE.ORG link : CVE-2015-5299
JSON object : View
Products Affected
samba
- samba
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor