Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11965

HistoryJan 15, 2019 - 9:10 a.m.

Authorization Bypass

2019-01-1509:10:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

samba is vulnerable to authorization bypass. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.

CPENameOperatorVersion
sambaeq3.6.9__164.el6
sambaeq3.6.23__21.el6_7
sambaeq3.5.4__68.el6_0.1
sambaeq3.6.9__160.7.el6rhs
sambaeq3.6.9__168.el6_5
sambaeq3.6.23__43.el6_9
sambaeq3.6.23__25.el6_7
sambaeq4.1.17__14.el7rhgs
sambaeq4.2.4__13.el7rhgs
sambaeq4.2.4__13.el6rhs

Rows per page:

1-10 of 1301

References

lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html

lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html

lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

www.debian.org/security/2016/dsa-3514

www.securityfocus.com/bid/84267

www.securitytracker.com/id/1035220

www.ubuntu.com/usn/USN-2922-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1315736

bugzilla.samba.org/show_bug.cgi?id=11648

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842

rhn.redhat.com/errata/RHSA-2016-0447.html

www.samba.org/samba/security/CVE-2015-7560.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

Related for VERACODE:11965

fedora3 nessus27 centos2 openvas25 debiancve1 suse9 prion1 oraclelinux3 ubuntucve1 redhat3 ibm3 amazon1 cve1 mageia1 samba1 altlinux5 slackware1 f52 debian2 osv1 ubuntu1