Vulnerability Database

CVE-2015-7560

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

  • Published: Mar 13, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-7560
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:N/I:P/A:N

| Software | From | Fixed in |
|---|---|---|
| samba / samba | 4.4.0-rc3 | 4.4.0-rc3.x |
| samba / samba | 4.4.0-rc1 | 4.4.0-rc1.x |
| samba / samba | 4.4.0-rc2 | 4.4.0-rc2.x |
| samba / samba | 3.2.0 | 4.1.23 |
| samba / samba | 4.2.0 | 4.2.9 |
| samba / samba | 4.3.0 | 4.3.6 |
| canonical / ubuntu_linux | 15.10 | 15.10.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |