CVE-2015-7560

Published: 13/03/2016 Updated: 29/08/2022
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

The SMB1 implementation in smbd in Samba 3.x and 4.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, and 4.4.x prior to 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Vulnerable Product

samba samba 4.4.0

samba samba

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Several security issues were fixed in Samba ...
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7560: Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles getting and setting ACLs on a symlink path ...
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL ...