Lucene search

K

PRIOn knowledge basePRION:CVE-2015-7560

HistoryMar 13, 2016 - 10:59 p.m.

Design/Logic Flaw

2016-03-1322:59:00

PRIOn knowledge base

www.prio-n.com

5

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.4%

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.

CPENameOperatorVersion
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
ubuntu_linuxeq12.04
debian_linuxeq8.0
debian_linuxeq7.0
sambaeq4.4.0 rc3
sambaeq4.4.0 rc1
sambaeq4.4.0 rc2
sambage3.2.0
sambalt4.1.23

Rows per page:

1-10 of 141

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

www.debian.org/security/2016/dsa-3514

www.securityfocus.com/bid/84267

www.securitytracker.com/id/1035220

www.ubuntu.com/usn/USN-2922-1

bugzilla.samba.org/show_bug.cgi?id=11648

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842

lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html

lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html

lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html

www.samba.org/samba/security/CVE-2015-7560.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

67.4%

Related for PRION:CVE-2015-7560

fedora3 nessus27 centos2 debiancve1 openvas25 suse9 redhat3 ibm3 amazon1 veracode1 cve1 mageia1 samba1 ubuntucve1 oraclelinux3 altlinux5 f52 slackware1 debian2 osv1 ubuntu1