[mdlug] Samba vulnerability - CVE-2015-7560 - 2016.03.13
Dr. Robert Meier
list1c30fe42 at bellsouth.net
Sat Apr 9 21:45:04 EDT 2016
"The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23,
4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows
remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1
call to create a symlink, and then using a non-UNIX SMB1 call to write
to the ACL content."
On 04/09/2016 10:28 AM, gib at juno.com wrote:
-- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7560
-- https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0771
"..., Samba 4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at https://www.samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible."
-- https://www.samba.org/samba/security/CVE-2015-7560.html
-- https://www.samba.org/samba/security/CVE-2016-0771.html
Hopefully helpful,
<humor>
Good morning everyone. Your attention please. There is a fire in the
building, but in case someone wants to spread the fire, we're keeping
the location a secret. This afternoon at 3 we've scheduled a visit by
the fire department. We'll sound the fire alarm and tell you which
exits to use after the firemen put the fire out. Have a good day and be
sure to keep listening for updates.
</humor>
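
Added example, not part of the original message and not Samba project code: a Python check of a Samba version string against the affected ranges quoted above from the NVD entry. The function names and sample version strings are constructed for illustration; distribution packages can carry the backported patch without a version bump, so a "True" here still needs checking against the vendor changelog.

```python
import re

# First fixed release per 4.x branch, from the advisory text quoted above:
# minor -> (patch, rc). rc=None means a final release.
FIXED = {1: (23, None), 2: (9, None), 3: (6, None), 4: (0, 4)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch, rc) from a string such as 'Version 4.3.5'."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, rc


def _key(patch, rc):
    # A release candidate sorts before the final release of the same patch level.
    return (patch, 0, rc) if rc is not None else (patch, 1, 0)


def is_affected(text):
    """True/False per the quoted ranges; None if unparseable or outside 3.x/4.x+."""
    v = parse_version(text)
    if v is None:
        return None
    major, minor, patch, rc = v
    if major < 3:
        return None          # the quoted text says nothing about pre-3.x
    if major == 3:
        return True          # "Samba 3.x"
    if major > 4:
        return False
    if minor == 0:
        return True          # 4.0.x is "4.x before 4.1.23"
    if minor not in FIXED:
        return False         # 4.5 and later postdate the fix
    return _key(patch, rc) < _key(*FIXED[minor])


if __name__ == "__main__":
    # Constructed sample strings in the style of version output.
    for s in ["Version 3.6.25", "Version 4.1.22", "Version 4.2.9",
              "Version 4.3.11-Ubuntu", "Version 4.4.0rc3", "Version 4.4.0"]:
        print(f"{s:28} affected={is_affected(s)}")
```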