Medium severity 6.5 · NVD Advisory · Published Mar 13, 2016 · Updated Jun 17, 2026
CVE-2015-7560
Description
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Affected products (28)
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* range: >=3.2.0,<4.1.23
- cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*
- (no CPE) range: <4.1.23, <4.2.9, <4.3.6, <4.4.0rc4
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
osv-coords (18 versions)
- pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed (no CPE) range: < 4.5.0-1.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE) range: < 4.1.12-18.8.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (no CPE) range: < 4.2.4-11.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS (no CPE) range: < 3.6.3-48.2
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE) range: < 4.1.12-18.8.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (no CPE) range: < 4.2.4-11.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE) range: < 4.1.12-18.8.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE) range: < 4.2.4-11.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE) range: < 4.1.12-18.8.1
- pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 (no CPE) range: < 4.2.4-11.1
- pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS (no CPE) range: < 3.6.3-48.2
- pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE) range: < 3.6.3-67.2
- pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE) range: < 3.6.3-67.2
References (19)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html (nvd; Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html (nvd; Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html (nvd; Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html (nvd; Mailing List, Third Party Advisory)
- www.debian.org/security/2016/dsa-3514 (nvd; Third Party Advisory)
- www.securityfocus.com/bid/84267 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1035220 (nvd; Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2922-1 (nvd; Third Party Advisory)
- bugzilla.samba.org/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd; Third Party Advisory)
- www.samba.org/samba/security/CVE-2015-7560.html (nvd; Vendor Advisory)