CVE-2015-7560

Sažetak

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Reference

https://www.samba.org/samba/security/CVE-2015-7560.html
https://bugzilla.samba.org/show_bug.cgi?id=11648
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842
http://www.securityfocus.com/bid/84267
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html
http://www.debian.org/security/2016/dsa-3514
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://www.securitytracker.com/id/1035220
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html
http://www.ubuntu.com/usn/USN-2922-1

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2022 - 20:03

Objavljeno

13-03-2016 - 22:59