#VU242 Incorrect ACL get/set allowed on symlink path in Samba and Oracle Linux


Published: 2016-07-29 | Updated: 2017-01-10

Vulnerability identifier: #VU242

Vulnerability risk: Medium

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-7560

CWE-ID: CWE-61

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management
Oracle Linux
Operating systems & Components / Operating system

Vendor: Samba
Oracle

Description
The vulnerability allows a remote attacker to launch a symlink attack.

The vulnerability exists in Samba. A remote authenticated attacker can overwrite access control lists on the directory by creating a symbolic link to a file or directory using SMB1 UNIX extensions and then issuing a non-UNIX SMB1.

Successful exploitation of this vulnerability may result in a symlink attack.

Mitigation
Install Samba 4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23.

Vulnerable software versions

Samba: 3.2.0, 4.0.0

Oracle Linux: 6 - 7

External links
http://www-01.ibm.com/support/docview.wss?uid=swg21986595
http://www.samba.org/samba/security/CVE-2015-7560.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Incorrect ACL get/set allowed on symlink path in HPE HP-UX running CIFS Server (Samba)
Amazon Linux AMI update for samba
SUSE Linux update for samba
OpenSUSE Linux update for samba
SUSE Linux update for samba
SUSE Linux update for samba
SUSE Linux update for samba
Incorrect ACL get/set allowed on symlink path in samba (Alpine package)
Red Hat update for samba4
Red Hat update for samba