Vulnerability Details CVE-2015-3400
sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
References
- http://www.openwall.com/lists/oss-security/2015/04/22/4
- http://www.securityfocus.com/bid/74272
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
- https://github.com/zfsonlinux/zfs/issues/3319
- https://github.com/zfsonlinux/zfs/pull/2790/commits
- http://www.openwall.com/lists/oss-security/2015/04/22/4
- http://www.securityfocus.com/bid/74272
- https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
- https://github.com/zfsonlinux/zfs/issues/3319
- https://github.com/zfsonlinux/zfs/pull/2790/commits
Products affected by CVE-2015-3400
-
cpe:2.3:a:zfsonlinux:zfs:0.6.4