CVE-2015-7560


General

Score: 4.0/10.0
Severity: Low
Category: Access Control Error

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Multiple

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2016-0771, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 13/03/16 - Updated on 03/12/16

Description

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Category: Access Control Error

CWE-284 (Improper Access Control)
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Security Notices

US National Vulnerability Database CVE-2015-7560
Amazon Linux ALAS-2016-674
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-084
CentOS CESA-2016:0448, CESA-2016:0449
Debian DSA-3514-1
Oracle Linux ELSA-2016-0448, ELSA-2016-0449, ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Red Hat RHSA-2016:0447, RHSA-2016:0448, RHSA-2016:0449
Renater 2016/VULN099
SUSE SUSE-SU-2016:0814, SUSE-SU-2016:0816, SUSE-SU-2016:0837, SUSE-SU-2016:0905
Ubuntu USN-2922-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: samba
Product: samba
