| Name | CVE-2015-3400 |
| Description | sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| zfs-linux (PTS) | buster/contrib | 0.7.12-2+deb10u2 | fixed |
| buster/contrib (security) | 0.7.12-2+deb10u3 | fixed |
| bullseye/contrib | 2.0.3-9+deb11u1 | fixed |
| bookworm/contrib | 2.1.11-1 | fixed |
| trixie/contrib | 2.2.3-1 | fixed |
| sid/contrib | 2.2.3-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| zfs-linux | source | (unstable) | (not affected) | | | |
Notes
- zfs-linux <not-affected> (Specific to packages on archive.zfsonlinux.org repositories)
Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories
https://github.com/zfsonlinux/zfs/issues/3319