Home > Vulnerability Database > CVE-2015-7560

Mend.io Vulnerability Database

CVE-2015-7560

Good to know:

Date: March 13, 2016

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Language: C

Severity Score

4.7

Related Resources (24)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html

Url: http://www.debian.org/security/2016/dsa-3514

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html

Url: https://www.samba.org/samba/security/CVE-2015-7560.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html

Url: http://www.ubuntu.com/usn/USN-2922-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842

Url: https://security-tracker.debian.org/tracker/CVE-2015-7560

Url: https://bugzilla.samba.org/show_bug.cgi?id=11648

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html

Url: https://access.redhat.com/security/cve/CVE-2015-7560

Url: http://www.securityfocus.com/bid/84267

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Url: http://www.securitytracker.com/id/1035220

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7560

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7560

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-7560

Severity Score

4.7

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 4.1.23,4.2.9,4.3.6,4.4.0rc4

Learn More

CVSS v3

Base Score:	4.7
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-7560

Good to know:

Date: March 13, 2016

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?