CVE-2015-7560
samba - security update
CVSS 3.1 base score: 6.5 (MEDIUM)
EPSS: 4.0%
Description
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
How to fix CVE-2015-7560
To remediate CVE-2015-7560, upgrade the affected package to a fixed version below.
- Upgrade to 2:4.3.6+dfsg-1 or later
- Upgrade to 2:3.6.6-6+deb7u7 or later
Is CVE-2015-7560 being exploited?
Low — EPSS is 4.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- samba: all versions from 0 up to, but not including, 2:4.3.6+dfsg-1
- samba: all versions from 0 up to, but not including, 2:3.6.6-6+deb7u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |