ID CVE-2015-7560
Summary The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
References
Vulnerable Configurations
  • Samba 4.4.0 Release Candidate 3
    cpe:2.3:a:samba:samba:4.4.0:rc3
  • Samba 4.4.0 Release Candidate 2
    cpe:2.3:a:samba:samba:4.4.0:rc2
  • Samba 4.4.0 Release Candidate 1
    cpe:2.3:a:samba:samba:4.4.0:rc1
  • Samba 4.1.22
    cpe:2.3:a:samba:samba:4.1.22
  • Samba 4.2.8
    cpe:2.3:a:samba:samba:4.2.8
  • Samba 4.2.7
    cpe:2.3:a:samba:samba:4.2.7
  • Samba 4.3.5
    cpe:2.3:a:samba:samba:4.3.5
  • Samba 4.3.4
    cpe:2.3:a:samba:samba:4.3.4
  • Samba 4.3.3
    cpe:2.3:a:samba:samba:4.3.3
  • Samba 4.3.2
    cpe:2.3:a:samba:samba:4.3.2
  • Samba 4.3.1
    cpe:2.3:a:samba:samba:4.3.1
  • Samba 4.3.0
    cpe:2.3:a:samba:samba:4.3.0
  • Samba 4.2.6
    cpe:2.3:a:samba:samba:4.2.6
  • Samba 4.2.5
    cpe:2.3:a:samba:samba:4.2.5
  • Samba 4.2.4
    cpe:2.3:a:samba:samba:4.2.4
  • Samba 4.2.3
    cpe:2.3:a:samba:samba:4.2.3
  • Samba 4.2.2
    cpe:2.3:a:samba:samba:4.2.2
  • Samba 4.2.1
    cpe:2.3:a:samba:samba:4.2.1
  • Samba 4.2.0 release candidate 4
    cpe:2.3:a:samba:samba:4.2.0:rc4
  • Samba 4.2.0 release candidate 3
    cpe:2.3:a:samba:samba:4.2.0:rc3
  • Samba 4.2.0 release candidate 2
    cpe:2.3:a:samba:samba:4.2.0:rc2
  • Samba 4.2.0 release candidate 1
    cpe:2.3:a:samba:samba:4.2.0:rc1
  • Samba 4.1.9
    cpe:2.3:a:samba:samba:4.1.9
  • Samba 4.1.8
    cpe:2.3:a:samba:samba:4.1.8
  • Samba 4.1.7
    cpe:2.3:a:samba:samba:4.1.7
  • Samba 4.1.6
    cpe:2.3:a:samba:samba:4.1.6
  • Samba 4.1.5
    cpe:2.3:a:samba:samba:4.1.5
  • Samba 4.1.4
    cpe:2.3:a:samba:samba:4.1.4
  • Samba 4.1.3
    cpe:2.3:a:samba:samba:4.1.3
  • Samba 4.1.21
    cpe:2.3:a:samba:samba:4.1.21
  • Samba 4.1.20
    cpe:2.3:a:samba:samba:4.1.20
  • Samba 4.1.2
    cpe:2.3:a:samba:samba:4.1.2
  • Samba 4.1.19
    cpe:2.3:a:samba:samba:4.1.19
  • Samba 4.1.18
    cpe:2.3:a:samba:samba:4.1.18
  • Samba 4.1.17
    cpe:2.3:a:samba:samba:4.1.17
  • Samba 4.1.16
    cpe:2.3:a:samba:samba:4.1.16
  • Samba 4.1.15
    cpe:2.3:a:samba:samba:4.1.15
  • Samba 4.1.14
    cpe:2.3:a:samba:samba:4.1.14
  • Samba 4.1.13
    cpe:2.3:a:samba:samba:4.1.13
  • Samba 4.1.12
    cpe:2.3:a:samba:samba:4.1.12
  • Samba 4.1.11
    cpe:2.3:a:samba:samba:4.1.11
  • Samba 4.1.10
    cpe:2.3:a:samba:samba:4.1.10
  • Samba 4.1.1
    cpe:2.3:a:samba:samba:4.1.1
  • Samba 4.1.0
    cpe:2.3:a:samba:samba:4.1.0
  • Samba 4.0.9
    cpe:2.3:a:samba:samba:4.0.9
  • Samba 4.0.8
    cpe:2.3:a:samba:samba:4.0.8
  • Samba 4.0.7
    cpe:2.3:a:samba:samba:4.0.7
  • Samba 4.0.6
    cpe:2.3:a:samba:samba:4.0.6
  • Samba 4.0.5
    cpe:2.3:a:samba:samba:4.0.5
  • Samba 4.0.4
    cpe:2.3:a:samba:samba:4.0.4
  • Samba 4.0.3
    cpe:2.3:a:samba:samba:4.0.3
  • Samba 4.0.24
    cpe:2.3:a:samba:samba:4.0.24
  • Samba 4.0.23
    cpe:2.3:a:samba:samba:4.0.23
  • Samba 4.0.22
    cpe:2.3:a:samba:samba:4.0.22
  • Samba 4.0.21
    cpe:2.3:a:samba:samba:4.0.21
  • Samba 4.0.20
    cpe:2.3:a:samba:samba:4.0.20
  • Samba 4.0.2
    cpe:2.3:a:samba:samba:4.0.2
  • Samba 4.0.19
    cpe:2.3:a:samba:samba:4.0.19
  • Samba 4.0.18
    cpe:2.3:a:samba:samba:4.0.18
  • Samba 4.0.17
    cpe:2.3:a:samba:samba:4.0.17
  • Samba 4.0.16
    cpe:2.3:a:samba:samba:4.0.16
  • Samba 4.0.15
    cpe:2.3:a:samba:samba:4.0.15
  • Samba 4.0.14
    cpe:2.3:a:samba:samba:4.0.14
  • Samba 4.0.13
    cpe:2.3:a:samba:samba:4.0.13
  • Samba 4.0.12
    cpe:2.3:a:samba:samba:4.0.12
  • Samba 4.0.11
    cpe:2.3:a:samba:samba:4.0.11
  • Samba 4.0.10
    cpe:2.3:a:samba:samba:4.0.10
  • Samba 4.0.1
    cpe:2.3:a:samba:samba:4.0.1
  • Samba 4.0.0
    cpe:2.3:a:samba:samba:4.0.0
  • Samba 3.6.9
    cpe:2.3:a:samba:samba:3.6.9
  • Samba 3.6.8
    cpe:2.3:a:samba:samba:3.6.8
  • Samba 3.6.7
    cpe:2.3:a:samba:samba:3.6.7
  • Samba 3.6.6
    cpe:2.3:a:samba:samba:3.6.6
  • Samba 3.6.5
    cpe:2.3:a:samba:samba:3.6.5
  • Samba 3.6.4
    cpe:2.3:a:samba:samba:3.6.4
  • Samba 3.6.3
    cpe:2.3:a:samba:samba:3.6.3
  • Samba 3.6.24
    cpe:2.3:a:samba:samba:3.6.24
  • Samba 3.6.23
    cpe:2.3:a:samba:samba:3.6.23
  • Samba 3.6.22
    cpe:2.3:a:samba:samba:3.6.22
  • Samba 3.6.21
    cpe:2.3:a:samba:samba:3.6.21
  • Samba 3.6.20
    cpe:2.3:a:samba:samba:3.6.20
  • Samba 3.6.2
    cpe:2.3:a:samba:samba:3.6.2
  • Samba 3.6.19
    cpe:2.3:a:samba:samba:3.6.19
  • Samba 3.6.18
    cpe:2.3:a:samba:samba:3.6.18
  • Samba 3.6.17
    cpe:2.3:a:samba:samba:3.6.17
  • Samba 3.6.16
    cpe:2.3:a:samba:samba:3.6.16
  • Samba 3.6.15
    cpe:2.3:a:samba:samba:3.6.15
  • Samba 3.6.14
    cpe:2.3:a:samba:samba:3.6.14
  • Samba 3.6.13
    cpe:2.3:a:samba:samba:3.6.13
  • Samba 3.6.12
    cpe:2.3:a:samba:samba:3.6.12
  • Samba 3.6.11
    cpe:2.3:a:samba:samba:3.6.11
  • Samba 3.6.10
    cpe:2.3:a:samba:samba:3.6.10
  • Samba 3.6.1
    cpe:2.3:a:samba:samba:3.6.1
  • Samba 3.6.0
    cpe:2.3:a:samba:samba:3.6.0
  • Samba 3.5.9
    cpe:2.3:a:samba:samba:3.5.9
  • Samba 3.5.8
    cpe:2.3:a:samba:samba:3.5.8
  • Samba 3.5.7
    cpe:2.3:a:samba:samba:3.5.7
  • Samba 3.5.6
    cpe:2.3:a:samba:samba:3.5.6
  • Samba 3.5.5
    cpe:2.3:a:samba:samba:3.5.5
  • Samba 3.5.4
    cpe:2.3:a:samba:samba:3.5.4
  • Samba 3.5.3
    cpe:2.3:a:samba:samba:3.5.3
  • Samba 3.5.22
    cpe:2.3:a:samba:samba:3.5.22
  • Samba 3.5.21
    cpe:2.3:a:samba:samba:3.5.21
  • Samba 3.5.20
    cpe:2.3:a:samba:samba:3.5.20
  • Samba 3.5.2
    cpe:2.3:a:samba:samba:3.5.2
  • Samba 3.5.19
    cpe:2.3:a:samba:samba:3.5.19
  • Samba 3.5.18
    cpe:2.3:a:samba:samba:3.5.18
  • Samba 3.5.17
    cpe:2.3:a:samba:samba:3.5.17
  • Samba 3.5.16
    cpe:2.3:a:samba:samba:3.5.16
  • Samba 3.5.15
    cpe:2.3:a:samba:samba:3.5.15
  • Samba 3.5.14
    cpe:2.3:a:samba:samba:3.5.14
  • Samba 3.5.13
    cpe:2.3:a:samba:samba:3.5.13
  • Samba 3.5.12
    cpe:2.3:a:samba:samba:3.5.12
  • Samba 3.5.11
    cpe:2.3:a:samba:samba:3.5.11
  • Samba 3.5.10
    cpe:2.3:a:samba:samba:3.5.10
  • Samba 3.5.1
    cpe:2.3:a:samba:samba:3.5.1
  • Samba 3.5.0
    cpe:2.3:a:samba:samba:3.5.0
  • Samba 3.4.9
    cpe:2.3:a:samba:samba:3.4.9
  • Samba 3.4.8
    cpe:2.3:a:samba:samba:3.4.8
  • Samba 3.4.7
    cpe:2.3:a:samba:samba:3.4.7
  • Samba 3.4.6
    cpe:2.3:a:samba:samba:3.4.6
  • Samba 3.4.5
    cpe:2.3:a:samba:samba:3.4.5
  • Samba 3.4.4
    cpe:2.3:a:samba:samba:3.4.4
  • Samba 3.4.3
    cpe:2.3:a:samba:samba:3.4.3
  • Samba 3.4.2
    cpe:2.3:a:samba:samba:3.4.2
  • Samba 3.4.17
    cpe:2.3:a:samba:samba:3.4.17
  • Samba 3.4.16
    cpe:2.3:a:samba:samba:3.4.16
  • Samba 3.4.15
    cpe:2.3:a:samba:samba:3.4.15
  • Samba 3.4.14
    cpe:2.3:a:samba:samba:3.4.14
  • Samba 3.4.13
    cpe:2.3:a:samba:samba:3.4.13
  • Samba 3.4.12
    cpe:2.3:a:samba:samba:3.4.12
  • Samba 3.4.11
    cpe:2.3:a:samba:samba:3.4.11
  • Samba 3.4.10
    cpe:2.3:a:samba:samba:3.4.10
  • Samba 3.4.1
    cpe:2.3:a:samba:samba:3.4.1
  • Samba 3.4.0
    cpe:2.3:a:samba:samba:3.4.0
  • Samba 3.3.9
    cpe:2.3:a:samba:samba:3.3.9
  • Samba 3.3.8
    cpe:2.3:a:samba:samba:3.3.8
  • Samba 3.3.7
    cpe:2.3:a:samba:samba:3.3.7
  • Samba 3.3.6
    cpe:2.3:a:samba:samba:3.3.6
  • Samba 3.3.5
    cpe:2.3:a:samba:samba:3.3.5
  • Samba 3.3.4
    cpe:2.3:a:samba:samba:3.3.4
  • Samba 3.3.3
    cpe:2.3:a:samba:samba:3.3.3
  • Samba 3.3.2
    cpe:2.3:a:samba:samba:3.3.2
  • Samba 3.3.16
    cpe:2.3:a:samba:samba:3.3.16
  • Samba 3.3.15
    cpe:2.3:a:samba:samba:3.3.15
  • Samba 3.3.14
    cpe:2.3:a:samba:samba:3.3.14
  • Samba 3.3.13
    cpe:2.3:a:samba:samba:3.3.13
  • Samba 3.3.12
    cpe:2.3:a:samba:samba:3.3.12
  • Samba 3.3.11
    cpe:2.3:a:samba:samba:3.3.11
  • Samba 3.3.10
    cpe:2.3:a:samba:samba:3.3.10
  • Samba 3.3.1
    cpe:2.3:a:samba:samba:3.3.1
  • Samba 3.3.0
    cpe:2.3:a:samba:samba:3.3.0
  • Samba 3.2.9
    cpe:2.3:a:samba:samba:3.2.9
  • Samba 3.2.8
    cpe:2.3:a:samba:samba:3.2.8
  • Samba 3.2.7
    cpe:2.3:a:samba:samba:3.2.7
  • Samba 3.2.6
    cpe:2.3:a:samba:samba:3.2.6
  • Samba 3.2.5
    cpe:2.3:a:samba:samba:3.2.5
  • Samba 3.2.4
    cpe:2.3:a:samba:samba:3.2.4
  • Samba 3.2.3
    cpe:2.3:a:samba:samba:3.2.3
  • Samba 3.2.2
    cpe:2.3:a:samba:samba:3.2.2
  • Samba 3.2.15
    cpe:2.3:a:samba:samba:3.2.15
  • Samba 3.2.14
    cpe:2.3:a:samba:samba:3.2.14
  • Samba 3.2.13
    cpe:2.3:a:samba:samba:3.2.13
  • Samba 3.2.12
    cpe:2.3:a:samba:samba:3.2.12
  • Samba 3.2.11
    cpe:2.3:a:samba:samba:3.2.11
  • Samba 3.2.10
    cpe:2.3:a:samba:samba:3.2.10
  • Samba 3.2.1
    cpe:2.3:a:samba:samba:3.2.1
  • Samba 3.2.0
    cpe:2.3:a:samba:samba:3.2.0
  • Samba 3.1.0
    cpe:2.3:a:samba:samba:3.1.0
  • Samba 3.0.9
    cpe:2.3:a:samba:samba:3.0.9
  • Samba 3.0.8
    cpe:2.3:a:samba:samba:3.0.8
  • Samba 3.0.7
    cpe:2.3:a:samba:samba:3.0.7
  • Samba 3.0.6
    cpe:2.3:a:samba:samba:3.0.6
  • Samba 3.0.5
    cpe:2.3:a:samba:samba:3.0.5
  • Samba 3.0.4 release candidate 1
    cpe:2.3:a:samba:samba:3.0.4:rc1
  • Samba 3.0.4
    cpe:2.3:a:samba:samba:3.0.4
  • Samba 3.0.37
    cpe:2.3:a:samba:samba:3.0.37
  • Samba 3.0.36
    cpe:2.3:a:samba:samba:3.0.36
  • Samba 3.0.35
    cpe:2.3:a:samba:samba:3.0.35
  • Samba 3.0.34
    cpe:2.3:a:samba:samba:3.0.34
  • Samba 3.0.33
    cpe:2.3:a:samba:samba:3.0.33
  • Samba 3.0.32
    cpe:2.3:a:samba:samba:3.0.32
  • Samba 3.0.31
    cpe:2.3:a:samba:samba:3.0.31
  • Samba 3.0.30
    cpe:2.3:a:samba:samba:3.0.30
  • Samba 3.0.3
    cpe:2.3:a:samba:samba:3.0.3
  • Samba 3.0.2a
    cpe:2.3:a:samba:samba:3.0.2a
  • Samba 3.0.29
    cpe:2.3:a:samba:samba:3.0.29
  • Samba 3.0.28a
    cpe:2.3:a:samba:samba:3.0.28:a
  • Samba 3.0.28
    cpe:2.3:a:samba:samba:3.0.28
  • Samba 3.0.27a
    cpe:2.3:a:samba:samba:3.0.27:a
  • Samba 3.0.27
    cpe:2.3:a:samba:samba:3.0.27
  • Samba 3.0.26a
    cpe:2.3:a:samba:samba:3.0.26a
  • Samba 3.0.26a
    cpe:2.3:a:samba:samba:3.0.26:a
  • Samba 3.0.26
    cpe:2.3:a:samba:samba:3.0.26
  • Samba 3.0.25c
    cpe:2.3:a:samba:samba:3.0.25c
  • Samba 3.0.25b
    cpe:2.3:a:samba:samba:3.0.25b
  • Samba 3.0.25a
    cpe:2.3:a:samba:samba:3.0.25a
  • Samba 3.0.25 release candidate 3
    cpe:2.3:a:samba:samba:3.0.25:rc3
  • Samba 3.0.25 release candiate 2
    cpe:2.3:a:samba:samba:3.0.25:rc2
  • Samba 3.0.25 release candidate 1
    cpe:2.3:a:samba:samba:3.0.25:rc1
  • Samba 3.0.25 pre2
    cpe:2.3:a:samba:samba:3.0.25:pre2
  • Samba 3.0.25 pre1
    cpe:2.3:a:samba:samba:3.0.25:pre1
  • Samba 3.0.25c
    cpe:2.3:a:samba:samba:3.0.25:c
  • Samba 3.0.25b
    cpe:2.3:a:samba:samba:3.0.25:b
  • Samba 3.0.25a
    cpe:2.3:a:samba:samba:3.0.25:a
  • Samba 3.0.25
    cpe:2.3:a:samba:samba:3.0.25
  • Samba 3.0.24
    cpe:2.3:a:samba:samba:3.0.24
  • Samba 3.0.23d
    cpe:2.3:a:samba:samba:3.0.23d
  • Samba 3.0.23c
    cpe:2.3:a:samba:samba:3.0.23c
  • Samba 3.0.23b
    cpe:2.3:a:samba:samba:3.0.23b
  • Samba 3.0.23a
    cpe:2.3:a:samba:samba:3.0.23a
  • Samba 3.0.23d
    cpe:2.3:a:samba:samba:3.0.23:d
  • Samba 3.0.23c
    cpe:2.3:a:samba:samba:3.0.23:c
  • Samba 3.0.23b
    cpe:2.3:a:samba:samba:3.0.23:b
  • Samba 3.0.23a
    cpe:2.3:a:samba:samba:3.0.23:a
  • Samba 3.0.23
    cpe:2.3:a:samba:samba:3.0.23
  • Samba 3.0.22
    cpe:2.3:a:samba:samba:3.0.22
  • Samba 3.0.21c
    cpe:2.3:a:samba:samba:3.0.21c
  • Samba 3.0.21b
    cpe:2.3:a:samba:samba:3.0.21b
  • Samba 3.0.21a
    cpe:2.3:a:samba:samba:3.0.21a
  • Samba 3.0.21c
    cpe:2.3:a:samba:samba:3.0.21:c
  • Samba 3.0.21b
    cpe:2.3:a:samba:samba:3.0.21:b
  • Samba 3.0.21a
    cpe:2.3:a:samba:samba:3.0.21:a
  • Samba 3.0.21
    cpe:2.3:a:samba:samba:3.0.21
  • Samba 3.0.20b
    cpe:2.3:a:samba:samba:3.0.20b
  • Samba 3.0.20a
    cpe:2.3:a:samba:samba:3.0.20a
  • Samba 3.0.20b
    cpe:2.3:a:samba:samba:3.0.20:b
  • Samba 3.0.20a
    cpe:2.3:a:samba:samba:3.0.20:a
  • Samba 3.0.20
    cpe:2.3:a:samba:samba:3.0.20
  • Samba 3.0.2a
    cpe:2.3:a:samba:samba:3.0.2:a
  • Samba 3.0.2
    cpe:2.3:a:samba:samba:3.0.2
  • Samba 3.0.19
    cpe:2.3:a:samba:samba:3.0.19
  • Samba 3.0.18
    cpe:2.3:a:samba:samba:3.0.18
  • Samba 3.0.17
    cpe:2.3:a:samba:samba:3.0.17
  • Samba 3.0.16
    cpe:2.3:a:samba:samba:3.0.16
  • Samba 3.0.15
    cpe:2.3:a:samba:samba:3.0.15
  • Samba 3.0.14a
    cpe:2.3:a:samba:samba:3.0.14a
  • Samba 3.0.14a
    cpe:2.3:a:samba:samba:3.0.14:a
  • Samba 3.0.14
    cpe:2.3:a:samba:samba:3.0.14
  • Samba 3.0.13
    cpe:2.3:a:samba:samba:3.0.13
  • Samba 3.0.12
    cpe:2.3:a:samba:samba:3.0.12
  • Samba 3.0.11
    cpe:2.3:a:samba:samba:3.0.11
  • Samba 3.0.10
    cpe:2.3:a:samba:samba:3.0.10
  • Samba 3.0.1
    cpe:2.3:a:samba:samba:3.0.1
  • Samba 3.0.0
    cpe:2.3:a:samba:samba:3.0.0
CVSS
Base: 4.0 (as of 21-03-2016 - 14:58)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0814-1.NASL
    description This update for samba fixes the following issues : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. (bso#11648 bsc#968222) Also the following bugs were fixed : - Add quotes around path of update-apparmor-samba-profile; (bsc#962177). - Prevent access denied if the share path is '/'; (bso#11647); (bsc#960249). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382). - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90063
    published 2016-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90063
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0814-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160315_SAMBA_ON_SL6_X.NASL
    description A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 89959
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89959
    title Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3514.NASL
    description Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-7560 Jeremy Allison of Google, Inc. and the Samba Team discovered that Samba incorrectly handles getting and setting ACLs on a symlink path. An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory linked to. - CVE-2016-0771 Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba is vulnerable to an out-of-bounds read issue during DNS TXT record handling, if Samba is deployed as an AD DC and chosen to run the internal DNS server. A remote attacker can exploit this flaw to cause a denial of service (Samba crash), or potentially, to allow leakage of memory from the server in the form of a DNS TXT reply. Additionally this update includes a fix for a regression introduced due to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the share path is '/'.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89876
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89876
    title Debian DSA-3514-1 : samba - security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2922-1.NASL
    description Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink paths. A remote attacker could use this issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560) Garming Sam and Douglas Bagnall discovered that the Samba internal DNS server incorrectly handled certain DNS TXT records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly obtain uninitialized memory contents. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771) It was discovered that the Samba Web Administration Tool (SWAT) was vulnerable to clickjacking and cross-site request forgery attacks. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213, CVE-2013-0214). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 89777
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89777
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2922-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-359.NASL
    description This update for samba fixes the following issues : Version update to 4.1.23. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (boo#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (boo#968223). Also fixed : - Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 90054
    published 2016-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90054
    title openSUSE Security Update : samba (openSUSE-2016-359)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-462.NASL
    description samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang, spinning using CPU (boo#958581). - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586). - CVE-2015-5252: Insufficient symlink verification (file access outside the share)(boo#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (boo#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (boo#958583). - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts (boo#958585). - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target (boo#968222). These non-security issues were fixed : - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (boo#974629). - Align fsrvp feature sources with upstream version. - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel; (boo#973832). - s3:utils/smbget: Fix recursive download; (bso#6482). - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). - docs: Add example for domain logins to smbspool man page; (bso#11643). - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). - loadparm: Fix memory leak issue; (bso#11708). - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719). - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). - param: Fix str_list_v3 to accept ';' again; (bso#11732). - Real memeory leak(buildup) issue in loadparm; (bso#11740). - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (boo#972197). - Upgrade on-disk FSRVP server state to new version; (boo#924519). - Only obsolete but do not provide gplv2/3 package names; (boo#968973). - Enable clustering (CTDB) support; (boo#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (boo#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Changing log level of two entries to from 1 to 3; (bso#9912). - vfs_gpfs: Re-enable share modes; (bso#11243). - wafsamba: Also build libraries with RELRO protection; (bso#11346). - ctdb: Strip trailing spaces from nodes file; (bso#11365). - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452). - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563). - async_req: Fix non-blocking connect(); (bso#11564). - auth: gensec: Fix a memory leak; (bso#11565). - lib: util: Make non-critical message a warning; (bso#11566). - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (boo#949022). - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). - manpage: Correct small typo error; (bso#11584). - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589). - Backport some valgrind fixes from upstream master; (bso#11597). - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619). - Remove redundant configure options while adding with-relro. - s3: smbd: Fix our access-based enumeration on 'hide unreadable' to match Windows; (bso#10252). - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). - kerberos: Make sure we only use prompter type when available; (bso#11038). - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316). - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327). - Fix a deadlock in tdb; (bso#11381). - s3: smbd: Fix mkdir race condition; (bso#11486). - pam_winbind: Fix a segfault if initialization fails; (bso#11502). - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). - net: Fix a crash with 'net ads keytab create'; (bso#11528). - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). - Fix bug in smbstatus where the lease info is not printed; (bso#11549). - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). - Relocate the tmpfiles.d directory to the client package; (boo#947552). - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (boo#942716). - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051). - auth/credentials: If credentials have principal set, they are not anonymous anymore; (bso#11265). - Fix stream names with colon with 'fruit:encoding = native'; (bso#11278). - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291). - lib: Fix rundown of open_socket_out(); (bso#11316). - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316). - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317). - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM; (bso#11398). - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds; (bso#11399). - ctdb-daemon: Improve error handling for running event scripts; (bso#11431). - ctdb-daemon: Check if updates are in flight when releasing all IPs; (bso#11432). - ctdb-build: Fix building of PCP PMDA module; (bso#11435). - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454). - vfs_fruit: Handling of empty resource fork; (bso#11467). - Avoid quoting problems in user's DNs; (bso#11488). - s3-auth: Fix 'map to guest = Bad uid'; (bso#9862). - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). - Logon via MS Remote Desktop hangs; (bso#11061). - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). - tevent: Add a note to tevent_add_fd(); (bso#11141). - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). - smbd: Fix a use-after-free; (bso#11218); (boo#919309). - s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). - s3:smb2: Add padding to last command in compound requests; (bso#11277). - Add IPv6 support to ADS client side LDAP connects; (bso#11281). - Add IPv6 support for determining FQDN during ADS join; (bso#11282). - s3: IPv6 enabled DNS connections for ADS client; (bso#11283). - Fix invalid write in ctdb_lock_context_destructor; (bso#11293). - Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). - vfs_fruit: Add option 'veto_appledouble'; (bso#11305). - tstream: Make socketpair nonblocking; (bso#11312). - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). - Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). - tevent_fd needs to be destroyed before closing the fd; (bso#11316). - Build fails on Solaris 11 with '‘PTHREAD_MUTEX_ROBUST’ undeclared'; (bso#11319). - smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). - Change sharesec output back to previous format; (bso#11324). - Robust mutex support broken in 1.3.5; (bso#11326). - Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (boo#912457). - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). - tevent: Fix CID 1035381 Unchecked return value; (bso#11330). - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). - s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). - pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). - winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). - vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). - docs: Overhaul the description of 'smb encrypt' to include SMB3 encryption; (bso#11366). - s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). - ncacn_http: Fix GNUism; (bso#11371). - Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (boo#912457). - Order winbind.service Before and Want nss-user-lookup target. - s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). - gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). - s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). - s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). - s3: smbd: Incorrect file size returned in the response of 'FILE_SUPERSEDE Create'; (bso#11240). - Mangled names do not work with acl_xattr; (bso#11249). - nmbd rewrites browse.dat when not required; (bso#11254). - vfs_fruit: add option 'nfs_aces' that controls the NFS ACEs stuff; (bso#11213). - s3:smbd: Add missing tevent_req_nterror; (bso#11224). - vfs: kernel_flock and named streams; (bso#11243). - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). - ctdb: check for talloc_asprintf() failure; (bso#11201). - spoolss: purge the printer name cache on name change; (bso#11210); (boo#901813). - CTDB statd-callout does not scale; (bso#11204). - vfs_fruit: also map characters below 0x20; (bso#11221). - ctdb: Coverity fix for CID 1291643; (bso#11201). - Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). - Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). - ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). - s3:winbindd: make sure we remove pending io requests before closing client - 'sharesec' output no longer matches input format; (bso#11237). - waf: Fix systemd detection; (bso#11200). - CTDB: Fix portability issues; (bso#11202). - CTDB: Fix some IPv6-related issues; (bso#11203). - CTDB statd-callout does not scale; (bso#11204). - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). - libads: record service ticket endtime for sealed ldap connections; - lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033). - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). - waf: Fix the build on openbsd; (bso#10476). - s3: client: 'client use spnego principal = yes' code checks wrong name; - spoolss: Retrieve published printer GUID if not in registry; (bso#11018). - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). - replace: Remove superfluous check for gcrypt header; (bso#11135). - Backport subunit changes; (bso#11137). - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). - talloc: Version 2.1.2; (bso#11144). - Update libwbclient version to 0.12; (bso#11149). - brlock: Use 0 instead of empty initializer list; (bso#11153). - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return - backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). - Prevent samba package updates from disabling samba kerberos printing. - Add sparse file support for samba; (fate#318424). - Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root. - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). - pam_winbind: fix warn_pwd_expire implementation; (bso#9056). - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). - Make 'profiles' work again; (bso#9629). - s3:smb2_server: protect against integer wrap with 'smb2 max credits = 65535'; (bso#9702). - Make validate_ldb of String(Generalized-Time) accept millisecond format '.000Z'; (bso#9810). - Use -R linker flag on Solaris, not -rpath; (bso#10112). - vfs: Add glusterfs manpage; (bso#10240). - Make 'smbclient' use cached creds; (bso#10279). - pdb: Fix build issues with shared modules; (bso#10355). - s4-dns: Add support for BIND 9.10; (bso#10620). - idmap: Return the correct id type to *id_to_sid methods; (bso#10720). - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). - Don't build vfs_snapper on FreeBSD; (bso#10834). - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). - s3: smb2cli: query info return length check was reversed; (bso#10848). - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). - lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). - winbind3: Fix pwent variable substitution; (bso#10852). - Improve samba-regedit; (bso#10859). - registry: Don't leave dangling transactions; (bso#10860). - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). - build: Do not install 'texpect' binary anymore; (bso#10862). - Fix testparm to show hidden share defaults; (bso#10864). - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). - Integrate CTDB into top-level Samba build; (bso#10892). - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). - s3-nmbd: Fix netbios name truncation; (bso#10896). - spoolss: Fix handling of bad EnumJobs levels; (bso#10898). - Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). - Fix print job enumeration; (bso#10905); (boo#898031). - samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). - Add support for SMB2 leases; (bso#10911). - btrfs: Don't leak opened directory handle; (bso#10918). - s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). - s3:smbd: Fix file corruption using 'write cache size != 0'; (bso#10921). - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). - s3-keytab: fix keytab array NULL termination; (bso#10933). - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). - Cleanup add_string_to_array and usage; (bso#10942). - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). - Fix RootDSE search with extended dn control; (bso#10949). - Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). - libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). - s3-smbclient: Return success if we listed the shares; (bso#10960). - s3-smbstatus: Fix exit code of profile output; (bso#10961). - socket_wrapper: Add missing prototype check for eventfd; (bso#10965). - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). - vfs_streams_xattr: Check stream type; (bso#10971). - s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). - vfs_fruit: Add support for AAPL; (bso#10983). - Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). - dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). - Fix IPv6 support in CTDB; (bso#10996). - ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). - s3-util: Fix authentication with long hostnames; (bso#11008). - ctdb-build: Fix build without xsltproc; (bso#11014). - packaging: Include CTDB man pages in the tarball; (bso#11014). - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). - Make Sharepoint search show user documents; (bso#11022). - nss_wrapper: check for nss.h; (bso#11026). - Enable mutexes in gencache_notrans.tdb; (bso#11032). - tdb_wrap: Make mutexes easier to use; (bso#11032). - lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). - vfs_fruit: Fix base_fsp name conversion; (bso#11039). - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). - Fix authentication using Kerberos (not AD); (bso#11044). - net: Fix sam addgroupmem; (bso#11051). - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (boo#913238). - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). - utils: Fix 'net time' segfault; (bso#11058). - libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). - vfs_glusterfs: Implement AIO support; (bso#11069). - s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). - s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (boo#917376). - vfs: Add a brief vfs_ceph manpage; (bso#11088). - s3: smbclient: Allinfo leaves the file handle open; (bso#11094). - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). - debug: Set close-on-exec for the main log file FD; (bso#11100). - s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). - s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). - snprintf: Try to support %j; (bso#11119). - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). - doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127). - Fix usage of freed memory on server exit; (bso#11218); (boo#919309). - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 90558
    published 2016-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90558
    title openSUSE Security Update : samba (openSUSE-2016-462) (Badlock)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-4B55F00D00.NASL
    description Update to Samba 4.4.0rc4, fixes CVE-2015-7560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 90212
    published 2016-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90212
    title Fedora 24 : samba-4.4.0-0.7.rc4.fc24 (2016-4b55f00d00)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0449.NASL
    description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89944
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89944
    title CentOS 6 : samba4 (CESA-2016:0449)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0448.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89954
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89954
    title RHEL 6 / 7 : samba (RHSA-2016:0448)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0448.NASL
    description From Red Hat Security Advisory 2016:0448 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89951
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89951
    title Oracle Linux 6 / 7 : samba (ELSA-2016-0448)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0449.NASL
    description Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89955
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89955
    title RHEL 6 : samba4 (RHSA-2016:0449)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-674.NASL
    description A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 90267
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90267
    title Amazon Linux AMI : samba (ALAS-2016-674)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0837-1.NASL
    description This update for samba fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bug fixed : - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90093
    published 2016-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90093
    title SUSE SLED11 / SLES11 Security Update : samba (SUSE-SU-2016:0837-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-ED1587F6BA.NASL
    description Update to Samba 4.3.6, fixes CVE-2015-7560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89894
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89894
    title Fedora 23 : samba-4.3.6-0.fc23 (2016-ed1587f6ba)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160315_SAMBA4_ON_SL6_X.NASL
    description A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 89958
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89958
    title Scientific Linux Security Update : samba4 on SL6.x i386/x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-068-02.NASL
    description New samba packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2019-02-21
    modified 2016-10-19
    plugin id 89759
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89759
    title Slackware 14.1 / current : samba (SSA:2016-068-02)
  • NASL family Misc.
    NASL id SAMBA_4_3_6.NASL
    description According to its banner, the version of Samba running on the remote host is 3.2.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.0 prior to 4.4.0rc4. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists in the SMB1 implementation that is triggered when a symlink created to a file or directory using SMB1 UNIX extensions is accessed using non-UNIX SMB1 calls. An authenticated, remote attacker can exploit this to overwrite file and directory ACLs. (CVE-2015-7560) - An out-of-bounds read error exists in the internal DNS server due to improper handling of TXT records when an AD DC is configured. An authenticated, remote attacker can exploit this, via a crafted DNS TXT record, to cause a crash or disclose memory contents. (CVE-2016-0771) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90098
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90098
    title Samba 3.2.x < 4.1.23 / 4.2.x < 4.2.9 / 4.3.x < 4.3.6 / 4.4.0 < 4.4.0rc4 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0448.NASL
    description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89943
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89943
    title CentOS 6 / 7 : samba (CESA-2016:0448)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0447.NASL
    description Updated samba packages that fix one security issue and one bug are now available for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. This update also fixes the following bug : * Under a high load, the vfs_glusterfs AIO code would hit a use-after-free error and cause a crash. This update fixes the affected code, and crashes no longer occur. (BZ #1315736) All samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 89983
    published 2016-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89983
    title RHEL 6 / 7 : Storage Server (RHSA-2016:0447)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0449.NASL
    description From Red Hat Security Advisory 2016:0449 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 89952
    published 2016-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89952
    title Oracle Linux 6 : samba4 (ELSA-2016-0449)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-CAD77A4576.NASL
    description Update to Samba 4.2.9, fixes CVE-2015-7560 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89889
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89889
    title Fedora 22 : samba-4.2.9-0.fc22 (2016-cad77a4576)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0816-1.NASL
    description This update for the samba server fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Other bugs fixed : - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Add quotes around path of update-apparmor-samba-profile; (bsc#962177). - Prevent access denied if the share path is '/'; (bso#11647); (bsc#960249). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953972). - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90064
    published 2016-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90064
    title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:0816-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1006.NASL
    description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99769
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99769
    title EulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1006)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-399.NASL
    description This update for the samba server fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Other bugs fixed : - Enable clustering (CTDB) support; (bsc#966271). - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023). - vfs_fruit: Fix renaming directories with open files; (bso#11065). - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347). - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). - Reduce the memory footprint of empty string options; (bso#11625). - lib/async_req: Do not install async_connect_send_test; (bso#11639). - docs: Fix typos in man vfs_gpfs; (bso#11641). - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645). - smbcacls: Fix uninitialized variable; (bso#11682). - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). - Add quotes around path of update-apparmor-samba-profile; (bsc#962177). - Prevent access denied if the share path is '/'; (bso#11647); (bsc#960249). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953972). - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 90173
    published 2016-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90173
    title openSUSE Security Update : samba (openSUSE-2016-399)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0905-1.NASL
    description This update for samba fixes the following issues : Security issue fixed : - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bugs fixed : - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382). - Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console; (bsc#953382). - Make the winbind package depend on the matching libwbclient version and vice versa; (bsc#936909). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90262
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90262
    title SUSE SLES11 Security Update : samba (SUSE-SU-2016:0905-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-490.NASL
    description This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114: 'server signing = mandatory' not enforced (bsc#973035). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions are no longer supported by upstream. As a side effect, libpdb0 package was replaced by libsamba-passdb0.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 90609
    published 2016-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90609
    title openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
redhat via4
advisories
  • bugzilla
    id 1309992
    title CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment libsmbclient is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448007
          • comment libsmbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860012
        • AND
          • comment libsmbclient-devel is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448019
          • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860022
        • AND
          • comment samba is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448017
          • comment samba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860006
        • AND
          • comment samba-client is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448027
          • comment samba-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860014
        • AND
          • comment samba-common is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448015
          • comment samba-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860016
        • AND
          • comment samba-doc is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448011
          • comment samba-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860026
        • AND
          • comment samba-domainjoin-gui is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448005
          • comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860024
        • AND
          • comment samba-glusterfs is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448029
          • comment samba-glusterfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150251030
        • AND
          • comment samba-swat is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448023
          • comment samba-swat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860008
        • AND
          • comment samba-winbind is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448021
          • comment samba-winbind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860010
        • AND
          • comment samba-winbind-clients is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448025
          • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860020
        • AND
          • comment samba-winbind-devel is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448013
          • comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860018
        • AND
          • comment samba-winbind-krb5-locator is earlier than 0:3.6.23-25.el6_7
            oval oval:com.redhat.rhsa:tst:20160448009
          • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111221018
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment ctdb is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448051
          • comment ctdb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006014
        • AND
          • comment ctdb-devel is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448062
          • comment ctdb-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006046
        • AND
          • comment ctdb-tests is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448043
          • comment ctdb-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006036
        • AND
          • comment libsmbclient is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448077
          • comment libsmbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860012
        • AND
          • comment libsmbclient-devel is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448064
          • comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860022
        • AND
          • comment libwbclient is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448075
          • comment libwbclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867026
        • AND
          • comment libwbclient-devel is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448058
          • comment libwbclient-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867008
        • AND
          • comment samba is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448039
          • comment samba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860006
        • AND
          • comment samba-client is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448040
          • comment samba-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860014
        • AND
          • comment samba-client-libs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448047
          • comment samba-client-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006044
        • AND
          • comment samba-common is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448078
          • comment samba-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860016
        • AND
          • comment samba-common-libs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448037
          • comment samba-common-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006012
        • AND
          • comment samba-common-tools is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448035
          • comment samba-common-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006016
        • AND
          • comment samba-dc is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448053
          • comment samba-dc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867028
        • AND
          • comment samba-dc-libs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448065
          • comment samba-dc-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867014
        • AND
          • comment samba-devel is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448068
          • comment samba-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867020
        • AND
          • comment samba-libs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448060
          • comment samba-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867024
        • AND
          • comment samba-pidl is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448079
          • comment samba-pidl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867022
        • AND
          • comment samba-python is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448056
          • comment samba-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867010
        • AND
          • comment samba-test is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448073
          • comment samba-test is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867040
        • AND
          • comment samba-test-devel is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448049
          • comment samba-test-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867030
        • AND
          • comment samba-test-libs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448045
          • comment samba-test-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160006028
        • AND
          • comment samba-vfs-glusterfs is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448041
          • comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867044
        • AND
          • comment samba-winbind is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448055
          • comment samba-winbind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860010
        • AND
          • comment samba-winbind-clients is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448067
          • comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100860020
        • AND
          • comment samba-winbind-krb5-locator is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448072
          • comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111221018
        • AND
          • comment samba-winbind-modules is earlier than 0:4.2.3-12.el7_2
            oval oval:com.redhat.rhsa:tst:20160448070
          • comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140867016
    rhsa
    id RHSA-2016:0448
    released 2016-03-15
    severity Moderate
    title RHSA-2016:0448: samba security update (Moderate)
  • bugzilla
    id 1309992
    title CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment samba4 is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449017
        • comment samba4 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506006
      • AND
        • comment samba4-client is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449027
        • comment samba4-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506014
      • AND
        • comment samba4-common is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449013
        • comment samba4-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506022
      • AND
        • comment samba4-dc is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449025
        • comment samba4-dc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506020
      • AND
        • comment samba4-dc-libs is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449009
        • comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506028
      • AND
        • comment samba4-devel is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449007
        • comment samba4-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506026
      • AND
        • comment samba4-libs is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449011
        • comment samba4-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506010
      • AND
        • comment samba4-pidl is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449029
        • comment samba4-pidl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506032
      • AND
        • comment samba4-python is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449005
        • comment samba4-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506030
      • AND
        • comment samba4-swat is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449019
        • comment samba4-swat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506016
      • AND
        • comment samba4-test is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449031
        • comment samba4-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506008
      • AND
        • comment samba4-winbind is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449021
        • comment samba4-winbind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506024
      • AND
        • comment samba4-winbind-clients is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449015
        • comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506012
      • AND
        • comment samba4-winbind-krb5-locator is earlier than 0:4.0.0-68.el6_7.rc4
          oval oval:com.redhat.rhsa:tst:20160449023
        • comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130506018
    rhsa
    id RHSA-2016:0449
    released 2016-03-15
    severity Moderate
    title RHSA-2016:0449: samba4 security update (Moderate)
rpms
  • libsmbclient-0:3.6.23-25.el6_7
  • libsmbclient-devel-0:3.6.23-25.el6_7
  • samba-0:3.6.23-25.el6_7
  • samba-client-0:3.6.23-25.el6_7
  • samba-common-0:3.6.23-25.el6_7
  • samba-doc-0:3.6.23-25.el6_7
  • samba-domainjoin-gui-0:3.6.23-25.el6_7
  • samba-glusterfs-0:3.6.23-25.el6_7
  • samba-swat-0:3.6.23-25.el6_7
  • samba-winbind-0:3.6.23-25.el6_7
  • samba-winbind-clients-0:3.6.23-25.el6_7
  • samba-winbind-devel-0:3.6.23-25.el6_7
  • samba-winbind-krb5-locator-0:3.6.23-25.el6_7
  • ctdb-0:4.2.3-12.el7_2
  • ctdb-devel-0:4.2.3-12.el7_2
  • ctdb-tests-0:4.2.3-12.el7_2
  • libsmbclient-0:4.2.3-12.el7_2
  • libsmbclient-devel-0:4.2.3-12.el7_2
  • libwbclient-0:4.2.3-12.el7_2
  • libwbclient-devel-0:4.2.3-12.el7_2
  • samba-0:4.2.3-12.el7_2
  • samba-client-0:4.2.3-12.el7_2
  • samba-client-libs-0:4.2.3-12.el7_2
  • samba-common-0:4.2.3-12.el7_2
  • samba-common-libs-0:4.2.3-12.el7_2
  • samba-common-tools-0:4.2.3-12.el7_2
  • samba-dc-0:4.2.3-12.el7_2
  • samba-dc-libs-0:4.2.3-12.el7_2
  • samba-devel-0:4.2.3-12.el7_2
  • samba-libs-0:4.2.3-12.el7_2
  • samba-pidl-0:4.2.3-12.el7_2
  • samba-python-0:4.2.3-12.el7_2
  • samba-test-0:4.2.3-12.el7_2
  • samba-test-devel-0:4.2.3-12.el7_2
  • samba-test-libs-0:4.2.3-12.el7_2
  • samba-vfs-glusterfs-0:4.2.3-12.el7_2
  • samba-winbind-0:4.2.3-12.el7_2
  • samba-winbind-clients-0:4.2.3-12.el7_2
  • samba-winbind-krb5-locator-0:4.2.3-12.el7_2
  • samba-winbind-modules-0:4.2.3-12.el7_2
  • samba4-0:4.0.0-68.el6_7.rc4
  • samba4-client-0:4.0.0-68.el6_7.rc4
  • samba4-common-0:4.0.0-68.el6_7.rc4
  • samba4-dc-0:4.0.0-68.el6_7.rc4
  • samba4-dc-libs-0:4.0.0-68.el6_7.rc4
  • samba4-devel-0:4.0.0-68.el6_7.rc4
  • samba4-libs-0:4.0.0-68.el6_7.rc4
  • samba4-pidl-0:4.0.0-68.el6_7.rc4
  • samba4-python-0:4.0.0-68.el6_7.rc4
  • samba4-swat-0:4.0.0-68.el6_7.rc4
  • samba4-test-0:4.0.0-68.el6_7.rc4
  • samba4-winbind-0:4.0.0-68.el6_7.rc4
  • samba4-winbind-clients-0:4.0.0-68.el6_7.rc4
  • samba4-winbind-krb5-locator-0:4.0.0-68.el6_7.rc4
refmap via4
bid 84267
confirm
debian DSA-3514
fedora
  • FEDORA-2016-4b55f00d00
  • FEDORA-2016-cad77a4576
  • FEDORA-2016-ed1587f6ba
sectrack 1035220
suse
  • SUSE-SU-2016:0814
  • SUSE-SU-2016:0816
  • SUSE-SU-2016:0837
  • SUSE-SU-2016:0905
  • openSUSE-SU-2016:0813
  • openSUSE-SU-2016:0877
  • openSUSE-SU-2016:1064
  • openSUSE-SU-2016:1106
  • openSUSE-SU-2016:1107
ubuntu USN-2922-1
Last major update 02-12-2016 - 22:13
Published 13-03-2016 - 18:59
Back to Top