CVE-2015-7560
First published: Sun Mar 13 2016(Updated: )
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | >=3.2.0<4.1.23 | |
| Samba | >=4.2.0<4.2.9 | |
| Samba | >=4.3.0<4.3.6 | |
| Samba | =4.4.0-rc1 | |
| Samba | =4.4.0-rc2 | |
| Samba | =4.4.0-rc3 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =15.10 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
- http://www.debian.org/security/2016/dsa-3514
- http://www.securityfocus.com/bid/84267
- http://www.securitytracker.com/id/1035220
- http://www.ubuntu.com/usn/USN-2922-1
- https://bugzilla.samba.org/show_bug.cgi?id=11648
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842
- https://www.samba.org/samba/security/CVE-2015-7560.html
Frequently Asked Questions
What is the severity of CVE-2015-7560?
CVE-2015-7560 is classified as a medium severity vulnerability.
How do I fix CVE-2015-7560?
To fix CVE-2015-7560, update Samba to versions 4.1.23, 4.2.9, 4.3.6, or 4.4.0rc4 or later.
Who is affected by CVE-2015-7560?
CVE-2015-7560 affects users of Samba versions 3.x and 4.x prior to the specified updates.
What type of vulnerability is CVE-2015-7560?
CVE-2015-7560 is a vulnerability that allows remote authenticated users to modify arbitrary ACLs.
When was CVE-2015-7560 discovered?
CVE-2015-7560 was published in 2015 and affects several releases of Samba.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samba
- canonical/samba
- version/samba/3.2.0
- version/samba/4.2.0
- version/samba/4.3.0
- version/samba/4.4.0-rc1
- version/samba/4.4.0-rc2
- version/samba/4.4.0-rc3
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/15.10
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0