CVE-2015-7560

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-7560

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-7560.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-7560

Downstream

DEBIAN-CVE-2015-7560

DSA-3514-1

RHSA-2016:0447

RHSA-2016:0448

RHSA-2016:0449

SUSE-SU-2016:0814-1

SUSE-SU-2016:0816-1

SUSE-SU-2016:0837-1

SUSE-SU-2016:0905-1

UBUNTU-CVE-2015-7560

USN-2922-1

openSUSE-SU-2024:10069-1

Related

Published

2016-03-13T22:59:00Z

Modified

2025-08-09T19:01:26Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

References

Affected packages