// For flags

CVE-2015-7560

samba: Incorrect ACL get/set allowed on symlink path

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

La implementación de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simbólico, y después usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL.

A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.

Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-09-29 CVE Reserved
  • 2016-03-08 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-04-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
References (21)
URL Tag Source
http://www.securityfocus.com/bid/84267 Third Party Advisory
http://www.securitytracker.com/id/1035220 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html 2022-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html 2022-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html 2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html 2022-08-29
http://www.debian.org/security/2016/dsa-3514 2022-08-29
http://www.ubuntu.com/usn/USN-2922-1 2022-08-29
https://bugzilla.samba.org/show_bug.cgi?id=11648 2022-08-29
https://www.samba.org/samba/security/CVE-2015-7560.html 2022-08-29
https://access.redhat.com/security/cve/CVE-2015-7560 2016-03-15
https://bugzilla.redhat.com/show_bug.cgi?id=1309992 2016-03-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 3.2.0 < 4.1.23
Search vendor "Samba" for product "Samba" and version " >= 3.2.0 < 4.1.23"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 4.2.0 < 4.2.9
Search vendor "Samba" for product "Samba" and version " >= 4.2.0 < 4.2.9"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 >= 4.3.0 < 4.3.6
Search vendor "Samba" for product "Samba" and version " >= 4.3.0 < 4.3.6"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.4.0
Search vendor "Samba" for product "Samba" and version "4.4.0"
rc1
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.4.0
Search vendor "Samba" for product "Samba" and version "4.4.0"
rc2
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 4.4.0
Search vendor "Samba" for product "Samba" and version "4.4.0"
rc3
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected