The Samba-Bugzilla – Attachment 11768 Details for Bug 11648
[SECURITY] CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target.
Attachment 11768 (patch, obsolete): CVE-2015-7560.txt (text/plain), 1.60 KB
Description: Initial CVE text.
Creator: Jeremy Allison
Created: 2016-01-11 23:04:48 UTC
===========================================================
== Subject:     Incorrect ACL get/set allowed on symlink path.
==
== CVE ID#:     CVE-2015-7560
==
== Versions:    Samba 3.2.0 to 4.3.3
==
== Summary:     Authenticated client could cause Samba to
==              overwrite ACLs with incorrect owner/group.
==
===========================================================

===========
Description
===========

All versions of Samba from 3.2.0 to 4.3.3 inclusive are vulnerable to
a malicious client overwriting the ACL, including its owner and group,
on the target of a symlink.

An authenticated malicious client can use the SMB1 UNIX extensions to
create a symlink to a file or directory, and then use non-UNIX SMB1
calls to get or set the ACL through the symlink path. Samba applies
the operation to the file or directory linked to, overwriting its ACL.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.3.4, 4.2.8 and 4.1.23 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

  unix extensions = no

to the [global] section of your smb.conf and restart smbd. This
removes the ability of clients to create symlinks over SMB.

Alternatively, prohibit the use of SMB1 by setting the parameter:

  server min protocol = SMB2

in the [global] section of your smb.conf and restart smbd. Since the
UNIX extensions are an SMB1-only feature, this also removes the
symlink-creation step.

=======
Credits
=======

This problem was found by Jeremy Allison of Google, Inc. and the Samba
Team, who also provided the fix.
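The two workarounds above, as an added example that is not part of the advisory or of the Samba project: a POSIX shell checker that decides whether an smb.conf carries either mitigation, run over constructed sample configurations. It assumes that only the [global] section matters (both parameters are global-only), that parameter names are compared after lower-casing and dropping whitespace as Samba does, that the "min protocol" synonym of "server min protocol" is honoured, and that the Samba 4.3-era defaults (unix extensions = yes, server min protocol = LANMAN1) apply when a parameter is absent. The sample configurations and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not Samba project code, not part of the advisory).
# Classifies an smb.conf as "vulnerable" or "mitigated" with respect to the
# CVE-2015-7560 workarounds: "unix extensions = no", or a "server min protocol"
# of SMB2 or newer, in [global].
#
# Assumptions: only [global] is inspected; names are normalised by lower-casing
# and stripping whitespace; "min protocol" is accepted as a synonym; the 4.3-era
# defaults (unix extensions = yes, server min protocol = LANMAN1) are assumed
# when a parameter is missing.

# Reads smb.conf text on stdin and prints "mitigated" or "vulnerable".
smbconf_cve_2015_7560_status() {
    awk '
        BEGIN { section = ""; unixext = "yes"; minproto = "lanman1" }
        /^[ \t]*[;#]/ { next }                    # comment lines
        /^[ \t]*\[/ {                             # [section] header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s); next
        }
        section == "global" && /=/ {
            name = $0; sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
            value = $0; sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
            name = tolower(name); value = tolower(value)
            if (name == "unixextensions") unixext = value
            if (name == "serverminprotocol" || name == "minprotocol") minproto = value
        }
        END {
            smb1_disabled = (minproto ~ /^smb[23]/)
            unixext_disabled = (unixext == "no" || unixext == "false" || unixext == "0")
            status = (smb1_disabled || unixext_disabled) ? "mitigated" : "vulnerable"
            print status
        }
    '
}

# Convenience wrapper: $1 is the configuration text.
status_of() { printf '%s\n' "$1" | smbconf_cve_2015_7560_status; }

# Constructed sample configurations (not taken from any real server).
# The [share] section below carries "unix extensions = no" in the wrong
# place on purpose: it is a global-only parameter, so Samba ignores it
# there and so does the checker.
CONF_VULNERABLE='[global]
   workgroup = EXAMPLE
   unix extensions = yes
   server min protocol = NT1

[share]
   path = /srv/share
   unix extensions = no
'

# Workaround 1 from the advisory, written with casing Samba also accepts.
CONF_NO_UNIX_EXT='[global]
   workgroup = EXAMPLE
   UNIX Extensions = No
'

# Workaround 2 from the advisory: SMB1 refused entirely.
CONF_SMB2_ONLY='[global]
   workgroup = EXAMPLE
   server min protocol = SMB2
'

printf '%-22s %s\n' "default-style config" "$(status_of "$CONF_VULNERABLE")"
printf '%-22s %s\n' "unix extensions = no" "$(status_of "$CONF_NO_UNIX_EXT")"
printf '%-22s %s\n' "server min proto SMB2" "$(status_of "$CONF_SMB2_ONLY")"
```

On a live server the authoritative check is Samba's own parser rather than this script: `testparm -s --parameter-name='unix extensions'` and `testparm -s --parameter-name='server min protocol'` print the effective values after Samba has applied its defaults, synonyms and section rules, and `testparm` also warns when a global-only parameter has been placed in a share section as in the first sample above.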
Flags: vl: review+