CVE-2015-7560

Date: (C)2016-04-28   (M)2017-10-12
 
CVSS Score: 4.0
Exploitability Subscore: 8.0
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Reference:
SECTRACK-1035220
BID-84267
DSA-3514
FEDORA-2016-4b55f00d00
FEDORA-2016-cad77a4576
FEDORA-2016-ed1587f6ba
SUSE-SU-2016:0814
SUSE-SU-2016:0816
SUSE-SU-2016:0837
SUSE-SU-2016:0905
USN-2922-1
https://bugzilla.samba.org/show_bug.cgi?id=11648
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842
https://www.samba.org/samba/security/CVE-2015-7560.html
openSUSE-SU-2016:0813
openSUSE-SU-2016:0877
openSUSE-SU-2016:1064
openSUSE-SU-2016:1106
openSUSE-SU-2016:1107

CPE    245
cpe:/a:samba:samba:3.5.13
cpe:/a:samba:samba:3.5.14
cpe:/a:samba:samba:3.5.15
cpe:/a:samba:samba:3.5.16
...
CWE    1
CWE-284
OVAL    15
oval:org.secpod.oval:def:703010
oval:org.secpod.oval:def:501783
oval:org.secpod.oval:def:501782
oval:org.secpod.oval:def:203865
...

© 2013 SecPod Technologies