[3.4] samba: security issues (CVE-2015-7560, CVE-2016-0771)| ID: oval:org.secpod.oval:def:1800418 | Date: (C)2018-03-29 (M)2023-07-28 |
| Class: PATCH | Family: unix |
CVE-2015-7560 Incorrect ACL get/set allowed on symlink path. All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable toa malicious client overwriting the ownership of ACLs using symlinks. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1calls to overwrite the contents of the ACL on the file or directory linked to. Update to 4.1.23 or 4.2.9
| Platform: |
| Alpine Linux 3.4 |
