CVE-2015-7560
samba: Incorrect ACL get/set allowed on symlink path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simbólico, y después usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL.
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-29 CVE Reserved
- 2016-03-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (21)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/84267 | Third Party Advisory | |
http://www.securitytracker.com/id/1035220 | Third Party Advisory | |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 3.2.0 < 4.1.23 Search vendor "Samba" for product "Samba" and version " >= 3.2.0 < 4.1.23" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.2.0 < 4.2.9 Search vendor "Samba" for product "Samba" and version " >= 4.2.0 < 4.2.9" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.3.0 < 4.3.6 Search vendor "Samba" for product "Samba" and version " >= 4.3.0 < 4.3.6" | - |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.4.0 Search vendor "Samba" for product "Samba" and version "4.4.0" | rc1 |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.4.0 Search vendor "Samba" for product "Samba" and version "4.4.0" | rc2 |
Affected
| ||||||
Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.4.0 Search vendor "Samba" for product "Samba" and version "4.4.0" | rc3 |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
|