CVE-2015-7698: OS Command Injection
First published: Wed Oct 21 2015(Updated: )
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud SMB | <=1.0.2 | |
| ownCloud | <=8.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7698?
CVE-2015-7698 is considered a critical vulnerability as it allows remote authenticated users to execute arbitrary commands.
How do I fix CVE-2015-7698?
To fix CVE-2015-7698, upgrade the SMB library to version 1.0.3 or later, or ensure that your ownCloud instance is updated to version 8.1.2 or later.
Which versions are affected by CVE-2015-7698?
CVE-2015-7698 affects the SMB library versions prior to 1.0.3 and ownCloud versions prior to 8.1.2.
What does CVE-2015-7698 allow attackers to do?
CVE-2015-7698 allows attackers to exploit the vulnerability to execute arbitrary SMB commands by injecting shell metacharacters.
Who is at risk from CVE-2015-7698?
Remote authenticated users of affected ownCloud and SMB software versions are at risk from CVE-2015-7698.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/owncloud
- canonical/owncloud smb
- version/owncloud smb/1.0.2
- canonical/owncloud
- version/owncloud/8.1.1