CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path

CVE ID

CVE-2015-7560

DESCRIPTION

A flaw was found in the way Samba handled ACLs on symbolic links. An
authenticated user could use this flaw to gain access to an arbitrary file or
directory by overwriting its ACL.

CVSS2 Base Score    3.5
Impact: Moderate 

 

RESOLUTION

Resolution:
This was fixed in samba-3.6.23-25.el6_7.x86_64 and later. 
Apply Unitrends security update v10.29 from 07/27/2018 or later, containing  samba-3.6.23-45.el6_9.x86_64

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section