High severity7.2NVD Advisory· Published Dec 29, 2015· Updated Jun 17, 2026
CVE-2015-5252
CVE-2015-5252
Description
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
67cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=3.0.0,<4.1.22
- (no CPE)range: <4.1.22, <4.2.7, <4.3.3
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- osv-coords59 versionspkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/talloc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/tdb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/tevent&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 4.5.0-1.1+ 58 more
- (no CPE)range: < 4.5.0-1.1
- (no CPE)range: < 1.1.24-4.3.1
- (no CPE)range: < 1.1.24-4.1
- (no CPE)range: < 1.1.24-4.3.1
- (no CPE)range: < 1.1.24-4.1
- (no CPE)range: < 1.1.24-4.3.1
- (no CPE)range: < 1.1.24-4.1
- (no CPE)range: < 1.1.24-4.3.1
- (no CPE)range: < 1.1.24-4.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 4.1.12-18.3.1
- (no CPE)range: < 4.2.4-6.1
- (no CPE)range: < 3.6.3-45.2
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 4.1.12-18.3.1
- (no CPE)range: < 4.2.4-6.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 4.1.12-18.3.1
- (no CPE)range: < 4.2.4-6.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 4.1.12-18.3.1
- (no CPE)range: < 4.2.4-6.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-45.2
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 3.6.3-64.1
- (no CPE)range: < 2.1.5-3.4.1
- (no CPE)range: < 2.1.5-4.1
- (no CPE)range: < 2.1.5-3.4.1
- (no CPE)range: < 2.1.5-4.1
- (no CPE)range: < 2.1.5-3.4.1
- (no CPE)range: < 2.1.5-4.1
- (no CPE)range: < 2.1.5-3.4.1
- (no CPE)range: < 2.1.5-4.1
- (no CPE)range: < 1.3.8-2.3.1
- (no CPE)range: < 1.3.8-4.1
- (no CPE)range: < 1.3.8-2.3.1
- (no CPE)range: < 1.3.8-4.1
- (no CPE)range: < 1.3.8-2.3.1
- (no CPE)range: < 1.3.8-4.1
- (no CPE)range: < 1.3.8-2.3.1
- (no CPE)range: < 1.3.8-4.1
- (no CPE)range: < 0.9.26-3.3.1
- (no CPE)range: < 0.9.26-4.1
- (no CPE)range: < 0.9.26-3.3.1
- (no CPE)range: < 0.9.26-4.1
- (no CPE)range: < 0.9.26-3.3.1
- (no CPE)range: < 0.9.26-4.1
- (no CPE)range: < 0.9.26-3.3.1
- (no CPE)range: < 0.9.26-4.1
Patches
Vulnerability mechanics
References
24- www.samba.org/samba/security/CVE-2015-5252.htmlnvdExploitVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2016/dsa-3433nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/79733nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034493nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2855-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2855-2nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- security.gentoo.org/glsa/201612-47nvdThird Party Advisory
- git.samba.orgnvd
News mentions
0No linked articles in our index yet.