Medium severity6.5NVD Advisory· Published Mar 13, 2016· Updated May 6, 2026
CVE-2015-7560
CVE-2015-7560
Description
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Affected products
9cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=3.2.0,<4.1.23
- cpe:2.3:a:samba:samba:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.4.0:rc3:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2016/dsa-3514nvdThird Party Advisory
- www.securityfocus.com/bid/84267nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035220nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2922-1nvdThird Party Advisory
- bugzilla.samba.org/show_bug.cginvdIssue TrackingVendor Advisory
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- www.samba.org/samba/security/CVE-2015-7560.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.