Home > Vulnerability Database > CVE-2015-7560

Mend.io Vulnerability Database

CVE-2015-7560

Good to know:

Date: March 13, 2016

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

Language: C

Severity Score

6.5

Related Resources (24)

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html

Url: http://www.debian.org/security/2016/dsa-3514

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html

Url: https://www.samba.org/samba/security/CVE-2015-7560.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html

Url: http://www.ubuntu.com/usn/USN-2922-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842

Url: https://security-tracker.debian.org/tracker/CVE-2015-7560

Url: https://bugzilla.samba.org/show_bug.cgi?id=11648

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html

Url: https://access.redhat.com/security/cve/CVE-2015-7560

Url: http://www.securityfocus.com/bid/84267

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

Url: http://www.securitytracker.com/id/1035220

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7560

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7560

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-7560

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version 4.1.23,4.2.9,4.3.6,4.4.0rc4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-7560

Good to know:

Date: March 13, 2016

Language: C

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?