Back to bug 1309992
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-02-19 07:27:25 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-19 07:27:25 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-02-19 07:27:44 UTC | Blocks | 1309971 | |
| Huzaifa S. Sidhpurwala | 2016-02-26 08:21:43 UTC | Whiteboard | impact=low,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=new,rhel-5/samba3x=new,rhel-6/samba=new,rhel-6/samba4=new,rhel-7/samba=new,rhes-3.1/samba=new,fedora-all/samba=new | impact=low,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected |
| Huzaifa S. Sidhpurwala | 2016-02-26 08:22:35 UTC | CC | madam | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:38:53 UTC | Depends On | 1314667 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:00 UTC | Depends On | 1314668 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:10 UTC | Depends On | 1314669 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:19 UTC | Depends On | 1314670 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:29 UTC | Depends On | 1314671 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:38 UTC | Depends On | 1314672 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:48 UTC | Depends On | 1314673 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:39:57 UTC | Depends On | 1314674 | |
| Siddharth Sharma | 2016-03-04 08:44:36 UTC | CC | sisharma | |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:45:51 UTC | Priority | low | medium |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:45:51 UTC | Whiteboard | impact=low,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected | impact=moderate,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:45:51 UTC | Severity | low | medium |
| Huzaifa S. Sidhpurwala | 2016-03-04 08:55:08 UTC | Whiteboard | impact=moderate,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=affected,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected | impact=moderate,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected |
| Guenther Deschner | 2016-03-08 11:35:10 UTC | Link ID | Samba Project 11648 | |
| Siddharth Sharma | 2016-03-09 04:20:38 UTC | Whiteboard | impact=moderate,public=no,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected | impact=moderate,public=20160308,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected |
| Siddharth Sharma | 2016-03-09 04:20:44 UTC | Summary | EMBARGOED CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path | CVE-2015-7560 samba: Incorrect ACL get/set allowed on symlink path |
| Siddharth Sharma | 2016-03-09 04:20:50 UTC | Group | security, qe_staff | |
| Siddharth Sharma | 2016-03-09 04:28:11 UTC | Depends On | 1315942 | |
| Siddharth Sharma | 2016-03-09 09:51:41 UTC | Doc Text | A flaw was found in SMB1 UNIX extension which allows authenticated malicious user to create symlink to file or directory. Attacker can then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory which allows attacker to gain access to the file or directory. (CVE-2015-7560) | |
| Martin Prpič | 2016-03-09 10:17:07 UTC | Comment 7 is private | 1 | 0 |
| Martin Prpič | 2016-03-09 10:20:34 UTC | Doc Text | A flaw was found in SMB1 UNIX extension which allows authenticated malicious user to create symlink to file or directory. Attacker can then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory which allows attacker to gain access to the file or directory. (CVE-2015-7560) | A flaw was found in Samba's SMB1 UNIX extension, which could allow an authenticated user to create a symlink to file or a directory, and use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory, allowing them to gain access to the contents of that file or directory. |
| Martin Prpič | 2016-03-14 08:49:43 UTC | Doc Text | A flaw was found in Samba's SMB1 UNIX extension, which could allow an authenticated user to create a symlink to file or a directory, and use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory, allowing them to gain access to the contents of that file or directory. | A flaw was found in Samba's SMB1 UNIX extension, which could allow an authenticated user to create a symlink to a file or a directory, and use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory, allowing them to gain access to the contents of that file or directory. |
| Michael Adam | 2016-03-14 09:27:33 UTC | Comment 8 is private | 1 | 0 |
| Siddharth Sharma | 2016-03-15 06:39:55 UTC | Doc Text | A flaw was found in Samba's SMB1 UNIX extension, which could allow an authenticated user to create a symlink to a file or a directory, and use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory, allowing them to gain access to the contents of that file or directory. | A flaw was found in the way Samba handled ACLs on symlinks. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. |
| Martin Prpič | 2016-03-15 08:23:06 UTC | Doc Text | A flaw was found in the way Samba handled ACLs on symlinks. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. | A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACLs. |
| Martin Prpič | 2016-03-15 08:38:47 UTC | Doc Text | A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACLs. | A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. |
| Siddharth Sharma | 2016-03-15 10:41:10 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected | impact=moderate,public=20160308,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,cwe=CWE-284 |
| Siddharth Sharma | 2016-03-15 11:03:50 UTC | Fixed In Version | samba 4.2.4 | |
| Siddharth Sharma | 2016-03-15 11:24:17 UTC | Fixed In Version | samba 4.2.4 | samba 4.2.4, samba4 4.0.0, samba 3.6.23 |
| Siddharth Sharma | 2016-03-15 11:32:43 UTC | Fixed In Version | samba 4.2.4, samba4 4.0.0, samba 3.6.23 | samba 4.4.0rc4, samba 4.3.6, samba 4.2.9, samba 4.1.23 |
| Huzaifa S. Sidhpurwala | 2016-03-24 02:50:01 UTC | Status | NEW | CLOSED |
| Huzaifa S. Sidhpurwala | 2016-03-24 02:50:01 UTC | Resolution | --- | ERRATA |
| Huzaifa S. Sidhpurwala | 2016-03-24 02:50:01 UTC | Last Closed | 2016-03-23 22:50:01 UTC | |
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160219,source=upstream,cvss2=3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N,rhel-5/samba=notaffected,rhel-5/samba3x=wontfix,rhel-6/samba=affected,rhel-6/samba4=affected,rhel-7/samba=affected,rhes-3.1/samba=affected,fedora-all/samba=affected,cwe=CWE-284 | |