vulnerability

RHSA-2016:0449: samba4 security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Mar 13, 2016	Mar 21, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Mar 13, 2016

Added

Mar 21, 2016

Modified

Oct 30, 2017

Description

Samba is an open-source implementation of the Server Message Block (SMB) orCommon Internet File System (CIFS) protocol, which allows PC-compatiblemachines to share files, printers, and other information.A flaw was found in the way Samba handled ACLs on symbolic links.An authenticated user could use this flaw to gain access to an arbitraryfile or directory by overwriting its ACL. (CVE-2015-7560)Red Hat would like to thank the Samba project for reporting this issue.Upstream acknowledges Jeremy Allison (Google) and the Samba team as theoriginal reporters.All samba4 users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, the smb service will be restarted automatically.

Solutions

redhat-upgrade-samba4redhat-upgrade-samba4-clientredhat-upgrade-samba4-commonredhat-upgrade-samba4-dcredhat-upgrade-samba4-dc-libsredhat-upgrade-samba4-debuginforedhat-upgrade-samba4-develredhat-upgrade-samba4-libsredhat-upgrade-samba4-pidlredhat-upgrade-samba4-pythonredhat-upgrade-samba4-swatredhat-upgrade-samba4-testredhat-upgrade-samba4-winbindredhat-upgrade-samba4-winbind-clientsredhat-upgrade-samba4-winbind-krb5-locator

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report