CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path

CVE ID

CVE-2015-7560

DESCRIPTION

A flaw was found in the way Samba handled ACLs on symbolic links. An
authenticated user could use this flaw to gain access to an arbitrary file or
directory by overwriting its ACL.

CVSS2 Base Score    3.5
Impact: Moderate 

 

RESOLUTION

Resolution:
This was fixed in samba-3.6.23-25.el6_7.x86_64 and later. 
Apply Unitrends security update v10.29 from 07/27/2018 or later, containing  samba-3.6.23-45.el6_9.x86_64

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us