{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "84267", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84267"}, {"name": "openSUSE-SU-2016:1064", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"}, {"name": "SUSE-SU-2016:0837", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html"}, {"name": "openSUSE-SU-2016:0813", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html"}, {"name": "openSUSE-SU-2016:0877", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842"}, {"name": "1035220", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035220"}, {"name": "FEDORA-2016-cad77a4576", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html"}, {"name": "SUSE-SU-2016:0814", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/security/CVE-2015-7560.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648"}, {"name": "openSUSE-SU-2016:1106", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"}, {"name": "FEDORA-2016-4b55f00d00", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html"}, {"name": "FEDORA-2016-ed1587f6ba", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html"}, {"name": "openSUSE-SU-2016:1107", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"}, {"name": "SUSE-SU-2016:0905", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html"}, {"name": "SUSE-SU-2016:0816", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html"}, {"name": "USN-2922-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2922-1"}, {"name": "DSA-3514", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3514"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "84267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84267"}, {"name": "openSUSE-SU-2016:1064", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"}, {"name": "SUSE-SU-2016:0837", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html"}, {"name": "openSUSE-SU-2016:0813", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html"}, {"name": "openSUSE-SU-2016:0877", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842"}, {"name": "1035220", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035220"}, {"name": "FEDORA-2016-cad77a4576", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html"}, {"name": "SUSE-SU-2016:0814", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html"}, {"name": "https://www.samba.org/samba/security/CVE-2015-7560.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/security/CVE-2015-7560.html"}, {"name": "https://bugzilla.samba.org/show_bug.cgi?id=11648", "refsource": "CONFIRM", "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648"}, {"name": "openSUSE-SU-2016:1106", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"}, {"name": "FEDORA-2016-4b55f00d00", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html"}, {"name": "FEDORA-2016-ed1587f6ba", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html"}, {"name": "openSUSE-SU-2016:1107", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"}, {"name": "SUSE-SU-2016:0905", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html"}, {"name": "SUSE-SU-2016:0816", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html"}, {"name": "USN-2922-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2922-1"}, {"name": "DSA-3514", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3514"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:28.521Z"}, "title": "CVE Program Container", "references": [{"name": "84267", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/84267"}, {"name": "openSUSE-SU-2016:1064", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"}, {"name": "SUSE-SU-2016:0837", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html"}, {"name": "openSUSE-SU-2016:0813", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html"}, {"name": "openSUSE-SU-2016:0877", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842"}, {"name": "1035220", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035220"}, {"name": "FEDORA-2016-cad77a4576", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html"}, {"name": "SUSE-SU-2016:0814", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/security/CVE-2015-7560.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648"}, {"name": "openSUSE-SU-2016:1106", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"}, {"name": "FEDORA-2016-4b55f00d00", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html"}, {"name": "FEDORA-2016-ed1587f6ba", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html"}, {"name": "openSUSE-SU-2016:1107", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"}, {"name": "SUSE-SU-2016:0905", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html"}, {"name": "SUSE-SU-2016:0816", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html"}, {"name": "USN-2922-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2922-1"}, {"name": "DSA-3514", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3514"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7560", "datePublished": "2016-03-13T22:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "25B3770C-EA58-406C-BF07-FD5AB4CBFF96", "versionEndExcluding": "4.1.23", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B71571B-8D9E-41C9-800A-4C7752D40B7A", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C70D917-053E-4024-AEC2-200D6E88A1B0", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85877BF1-8B16-4FED-8CDD-3EE9E1999BE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "02A189FF-0E20-4F84-8935-C218F5ED126B", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "55F79F4D-6C85-4388-B7C4-C07AB5502A0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content."}, {"lang": "es", "value": "La implementaci\u00f3n de SMB1 en smbd en Samba 3.x y 4.x en versiones anteriores a 4.1.23, 4.2.x en versiones anteriores a 4.2.9, 4.3.x en versiones anteriores a 4.3.6 y 4.4.x en versiones anteriores a 4.4.0rc4 permite a usuarios remotos autenticados modificar ACLs arbitrarias utilizando una llamada UNIX SMB1 para crear un enlace simb\u00f3lico, y despu\u00e9s usar una llamada no-UNIX SMB1 para escribir en el contenido de la ACL."}], "id": "CVE-2015-7560", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-13T22:59:00.123", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3514"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/84267"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035220"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2922-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2015-7560.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/84267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1035220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2922-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=11648"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2015-7560.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters.", "affected_release": [{"advisory": "RHSA-2016:0448", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba-0:3.6.23-25.el6_7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0449", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.0.0-68.el6_7.rc4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0448", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.2.3-12.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0447", "cpe": "cpe:/a:redhat:storage:3.1:samba:el6", "package": "samba-0:4.2.4-15.el6rhs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2016:0447", "cpe": "cpe:/a:redhat:storage:3.1:samba:el7", "package": "samba-0:4.2.4-15.el7rhgs", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2016-03-15T00:00:00Z"}], "bugzilla": {"description": "samba: Incorrect ACL get/set allowed on symlink path", "id": "1309992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1309992"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-284", "details": ["The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.", "A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL."], "name": "CVE-2015-7560", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2016-03-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7560\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7560\nhttps://www.samba.org/samba/security/CVE-2015-7560.html"], "threat_severity": "Moderate"}