CVE-2015-3400

low-risk
Published 2017-10-18

sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Zfs

Affected Vendors

Zfsonlinux

References (10)

Mailing List http://www.openwall.com/lists/oss-security/2015/04/22/4
Third Party Advisory http://www.securityfocus.com/bid/74272
Patch https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
Third Party Advisory https://github.com/zfsonlinux/zfs/issues/3319
Patch https://github.com/zfsonlinux/zfs/pull/2790/commits
Mailing List http://www.openwall.com/lists/oss-security/2015/04/22/4
Third Party Advisory http://www.securityfocus.com/bid/74272
Patch https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
Third Party Advisory https://github.com/zfsonlinux/zfs/issues/3319
Patch https://github.com/zfsonlinux/zfs/pull/2790/commits
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal