Vulnerability Description
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zfsonlinux | Zfs | 0.6.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/04/22/4Mailing ListVDB Entry
- http://www.securityfocus.com/bid/74272Third Party AdvisoryVDB Entry
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4PatchThird Party Advisory
- https://github.com/zfsonlinux/zfs/issues/3319Third Party Advisory
- https://github.com/zfsonlinux/zfs/pull/2790/commitsPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/04/22/4Mailing ListVDB Entry
- http://www.securityfocus.com/bid/74272Third Party AdvisoryVDB Entry
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4PatchThird Party Advisory
- https://github.com/zfsonlinux/zfs/issues/3319Third Party Advisory
- https://github.com/zfsonlinux/zfs/pull/2790/commitsPatchThird Party Advisory
FAQ
What is CVE-2015-3400?
CVE-2015-3400 is a vulnerability with a CVSS score of 4.3 (MEDIUM). sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtai...
How severe is CVE-2015-3400?
CVE-2015-3400 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3400?
Check the references section above for vendor advisories and patch information. Affected products include: Zfsonlinux Zfs.