CVSS v3 base score: 7.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS v2 base score: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Debian Security Advisory DSA-3514-1          security@debian.org
https://www.debian.org/security/             Salvatore Bonaccorso
March 12, 2016                               https://www.debian.org/security/faq
Package : samba
CVE ID : CVE-2015-7560 CVE-2016-0771
Debian Bug : 812429
Several vulnerabilities have been discovered in Samba, an SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:
CVE-2015-7560
Jeremy Allison of Google, Inc. and the Samba Team discovered that
Samba incorrectly handles getting and setting ACLs on a symlink
path. An authenticated malicious client can use SMB1 UNIX extensions
to create a symlink to a file or directory, and then use non-UNIX
SMB1 calls to overwrite the contents of the ACL on the file or
directory linked to.
CVE-2016-0771
Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba
is vulnerable to an out-of-bounds read issue during DNS TXT record
handling, if Samba is deployed as an AD DC and chosen to run the
internal DNS server. A remote attacker can exploit this flaw to
cause a denial of service (Samba crash), or potentially, to allow
leakage of memory from the server in the form of a DNS TXT reply.
Additionally this update includes a fix for a regression introduced due
to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the
share path is '/'.
For the oldstable distribution (wheezy), these problems have been fixed
in version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not
affected by CVE-2016-0771.
For the stable distribution (jessie), these problems have been fixed in
version 2:4.1.17+dfsg-2+deb8u2.
For the unstable distribution (sid), these problems have been fixed in
version 2:4.3.6+dfsg-1.
We recommend that you upgrade your samba packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
OS | OS version | Architecture | Package | Affected versions | Fixed package filename |
---|---|---|---|---|---|
Debian | 7 | s390x | libpam-winbind | < 3.6.6-6+deb7u7 | libpam-winbind_3.6.6-6+deb7u7_s390x.deb |
Debian | 8 | kfreebsd-amd64 | registry-tools | < 4.1.17+dfsg-2+deb8u2 | registry-tools_4.1.17+dfsg-2+deb8u2_kfreebsd-amd64.deb |
Debian | 7 | s390 | samba-common-bin | < 3.6.6-6+deb7u6 | samba-common-bin_3.6.6-6+deb7u6_s390.deb |
Debian | 8 | kfreebsd-amd64 | libwbclient0 | < 4.1.17+dfsg-2+deb8u2 | libwbclient0_4.1.17+dfsg-2+deb8u2_kfreebsd-amd64.deb |
Debian | 7 | mipsel | samba-tools | < 3.6.6-6+deb7u7 | samba-tools_3.6.6-6+deb7u7_mipsel.deb |
Debian | 8 | mipsel | libsmbsharemodes0 | < 4.1.17+dfsg-2+deb8u1 | libsmbsharemodes0_4.1.17+dfsg-2+deb8u1_mipsel.deb |
Debian | 8 | powerpc | samba | < 4.1.17+dfsg-2+deb8u1 | samba_4.1.17+dfsg-2+deb8u1_powerpc.deb |
Debian | 7 | mipsel | libwbclient0 | < 3.6.6-6+deb7u6 | libwbclient0_3.6.6-6+deb7u6_mipsel.deb |
Debian | 8 | armhf | libnss-winbind | < 4.1.17+dfsg-2+deb8u2 | libnss-winbind_4.1.17+dfsg-2+deb8u2_armhf.deb |
Debian | 8 | mipsel | libpam-winbind | < 4.1.17+dfsg-2+deb8u2 | libpam-winbind_4.1.17+dfsg-2+deb8u2_mipsel.deb |