Information disclosure in zfs - CVE-2015-3400

 


Published: October 18, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38061
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-3400
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: zfs
Software vendor: openzfs

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world-readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.


Remediation

Install the update from the vendor's website.
