CVE-2015-3400 Information

Description

sharenfs 0.6.4 when built with commits bcdd594 and 7d08880 from the zfs repository provides world readable access to the shared zfs file system which might allow remote authenticated users to obtain sensitive information by reading shared files.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.openwall.com/lists/oss-security/2015/04/22/4 http://www.securityfocus.com/bid/74272 https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4 https://github.com/zfsonlinux/zfs/issues/3319 https://github.com/zfsonlinux/zfs/pull/2790/commits

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3