Vulnerability Details : CVE-2015-3400
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
Vulnerability category: Information leak
Products affected by CVE-2015-3400
- cpe:2.3:a:zfsonlinux:zfs:0.6.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3400
- 0.18%: Probability of exploitation activity in the next 30 days
- ~ 54 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2015-3400
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3400
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
  Move nfs.c:foreach_nfs_shareopt() to libshare.c:foreach_shareopt() · FransUrbo/zfs@99aa4d2 · GitHub (Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/04/22/4
  oss-security - Re: CVE Request for ZFS on Linux (Mailing List; VDB Entry)
- https://github.com/zfsonlinux/zfs/issues/3319
  security issue: sharenfs always gives read access for world · Issue #3319 · zfsonlinux/zfs · GitHub (Third Party Advisory)
- http://www.securityfocus.com/bid/74272
  Debian zfsonlinux 'nfs.c' Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://github.com/zfsonlinux/zfs/pull/2790/commits
  Rewrite of nfs.c to keep options per host separated. by FransUrbo · Pull Request #2790 · zfsonlinux/zfs · GitHub (Patch; Third Party Advisory)