CVE-2015-5252
HIGH7.2EPSS 17.3%samba - security update
Published: 12/29/2015Modified: 4/28/2026
Description
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Affected packages (2)
- Debian/sambafrom 0, < 2:4.1.22+dfsg-1
- Debian/sambafrom 0, < 2:3.5.6~dfsg-3squeeze13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |