SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
SecurityTracker Alert ID:  1035220
SecurityTracker URL:  http://securitytracker.com/id/1035220
CVE Reference:   CVE-2015-7560
Date:  Mar 9 2016
Impact:   Modification of system information

Version(s): 3.2.0 to 4.4.0rc3
Description:   A vulnerability was reported in Samba. A remote authenticated user can overwrite access control lists.

A remote authenticated user can invoke SMB1 UNIX extensions to create a symbolic link (symlink) and then issue a non-UNIX SMB1 call to overwrite the owner and group access control list (ACL) on the target file or directory.

Jeremy Allison of Google, Inc. reported this vulnerability.

Impact:   A remote authenticated user can overwrite the access control list (ACL) on the target file or directory.
Solution:   The vendor has issued a fix (4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23).

The vendor's advisory is available at:

https://www.samba.org/samba/security/CVE-2015-7560.html

Vendor URL:  www.samba.org/samba/security/CVE-2015-7560.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)
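
The affected range and the per-branch fixed releases listed above can be turned into an inventory check. The following is an added example, not code from SecurityTracker or the Samba project; the function names are hypothetical and it assumes upstream version strings (distribution packages may carry the fix under an older version number, so check the distribution advisories in the message history as well).

```python
import re

# Fixed release for each branch named in the Solution field.
FIXED = {(4, 1): (4, 1, 23), (4, 2): (4, 2, 9), (4, 3): (4, 3, 6)}
FIRST_AFFECTED = (3, 2, 0)   # "Version(s): 3.2.0 to 4.4.0rc3"
FIXED_44_RC = 4              # 4.4.0rc4 carries the fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse(version):
    """Return ((major, minor, patch), rc); rc is None for a final release."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch)), (int(rc) if rc else None)


def assess(version):
    """Return (state, upgrade_target) for an upstream Samba version string.

    state is "vulnerable", "fixed" or "outside-range"; upgrade_target is the
    fixed release for that branch, or None when the advisory lists none.
    """
    release, rc = parse(version)
    if release < FIRST_AFFECTED:
        return ("outside-range", None)      # older than the listed range
    branch = release[:2]
    if branch in FIXED:
        if release < FIXED[branch]:
            return ("vulnerable", ".".join(map(str, FIXED[branch])))
        return ("fixed", None)
    if release == (4, 4, 0) and rc is not None and rc < FIXED_44_RC:
        return ("vulnerable", "4.4.0rc4")
    if release >= (4, 4, 0):
        return ("fixed", None)
    # 3.2.0 through 4.0.x: affected, no fixed release listed for the branch.
    return ("vulnerable", None)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["Version 4.2.3", "4.4.0rc3", "4.3.6", "3.6.25"]:
        print(v, "->", assess(v))
```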

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 9 2016 (Ubuntu Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Mar 15 2016 (Red Hat Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Mar 15 2016 (Red Hat Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Red Hat has issued a fix for Red Hat Enterprise Linux.
Mar 15 2016 (Red Hat Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 15 2016 (Oracle Issues Fix for Oracle Linux) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Oracle has issued a fix for Oracle Linux 6 and 7.
Mar 15 2016 (Oracle Issues Fix for Oracle Linux) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
Oracle has issued a fix for samba4 for Oracle Linux 6.
Mar 16 2016 (CentOS Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
CentOS has issued a fix for CentOS 6 and 7.
Mar 16 2016 (CentOS Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
CentOS has issued a fix for samba4 for CentOS 6.
May 11 2016 (HPE Issues Fix) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
HPE has issued a fix for HP-UX 11.31.
Jul 8 2016 (IBM Issues Fix for IBM Storwize V7000 Unified) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
IBM has issued a fix for IBM Storwize V7000 Unified.
Jul 27 2016 (IBM Issues Fix for IBM DB2) Samba SMB1 UNIX Extensions Symlink Flaw Lets Remote Authenticated Users Overwrite Access Control Lists
IBM has issued a fix for IBM DB2 LUW.


