Vulnerability identifier: #VU242
Vulnerability risk: Medium
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-61
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Samba
Server applications /
Directory software, identity management
Oracle Linux
Operating systems & Components /
Operating system
Description
The vulnerability allows a remote attacker to launch a symlink attack.
The vulnerability exists in Samba. A remote authenticated attacker can overwrite access control lists on the directory by creating a symbolic link to a file or directory using SMB1 UNIX extensions and then issuing a non-UNIX SMB1.
Successful exploitation of this vulnerability may result in a symlink attack.
Mitigation
Install Samba 4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23.
Vulnerable software versions
Samba: 3.2.0, 4.0.0
Oracle Linux: 6 - 7
External links
http://www-01.ibm.com/support/docview.wss?uid=swg21986595
http://www.samba.org/samba/security/CVE-2015-7560.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.