1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Security Announcement Archive</title>
11 <H2>CVE-2015-7560.html:</H2>
15 ===========================================================
16 == Subject: Incorrect ACL get/set allowed on symlink path.
18 == CVE ID#: CVE-2015-7560
20 == Versions: Samba 3.2.0 to 4.4.0rc3
22 == Summary: Authenticated client could cause Samba to
23 == overwrite ACLs with incorrect owner/group.
25 ===========================================================
31 All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
32 a malicious client overwriting the ownership of ACLs using symlinks.
34 An authenticated malicious client can use SMB1 UNIX extensions to
35 create a symlink to a file or directory, and then use non-UNIX SMB1
36 calls to overwrite the contents of the ACL on the file or directory
43 A patch addressing this defect has been posted to
45 https://www.samba.org/samba/security/
47 Additionally, Samba 4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23 have been issued as
48 security releases to correct the defect. Patches against older Samba
49 versions are available at https://www.samba.org/samba/patches/. Samba
50 vendors and administrators running affected versions are advised to
51 upgrade or apply the patch as soon as possible.
61 to the [global] section of your smb.conf and restart smbd.
63 Alternatively, prohibit the use of SMB1 by setting the parameter:
65 server min protocol = SMB2
67 to the [global] section of your smb.conf and restart smbd.
73 This problem was found by Jeremy Allison of Google, Inc. and the Samba
74 Team, who also provided the fix.