
CVE-2015-7560
Date: (C)2016-04-28   (M)2018-04-15


The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.5
Exploit Score: 2.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

CVSS V2 Severity:
CVSS Score: 4.0
Exploit Score: 8.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
SECTRACK-1035220
BID-84267
DSA-3514
FEDORA-2016-4b55f00d00
FEDORA-2016-cad77a4576
FEDORA-2016-ed1587f6ba
SUSE-SU-2016:0814
SUSE-SU-2016:0816
SUSE-SU-2016:0837
SUSE-SU-2016:0905
USN-2922-1
https://bugzilla.samba.org/show_bug.cgi?id=11648
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842
https://www.samba.org/samba/security/CVE-2015-7560.html
openSUSE-SU-2016:0813
openSUSE-SU-2016:0877
openSUSE-SU-2016:1064
openSUSE-SU-2016:1106
openSUSE-SU-2016:1107

CPE    245
cpe:/a:samba:samba:3.2.0
cpe:/a:samba:samba:4.1.13
cpe:/a:samba:samba:4.1.12
cpe:/a:samba:samba:4.1.11
...
CWE    1
CWE-284
OVAL    16
oval:org.secpod.oval:def:203865
oval:org.secpod.oval:def:203864
oval:org.secpod.oval:def:203863
oval:org.secpod.oval:def:400790
...

© 2013 SecPod Technologies