Описание
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | samba | Not affected | ||
| Red Hat Enterprise Linux 5 | samba3x | Will not fix | ||
| Red Hat Enterprise Linux 6 | samba | Fixed | RHSA-2016:0448 | 15.03.2016 |
| Red Hat Enterprise Linux 6 | samba4 | Fixed | RHSA-2016:0449 | 15.03.2016 |
| Red Hat Enterprise Linux 7 | samba | Fixed | RHSA-2016:0448 | 15.03.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | samba | Fixed | RHSA-2016:0447 | 15.03.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | samba | Fixed | RHSA-2016:0447 | 15.03.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.5 Low
CVSS2
Связанные уязвимости
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4. ...
EPSS
3.5 Low
CVSS2