Test ID:	1.3.6.1.4.1.25623.1.0.871573
Category:	Red Hat Local Security Checks
Title:	RedHat Update for samba4 RHSA-2016:0449-01
Summary:	The remote host is missing an update for the 'samba4'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'samba4' package(s) announced via the referenced advisory. Vulnerability Insight: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. (CVE-2015-7560) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters. All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically. Affected Software/OS: samba4 on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7560 BugTraq ID: 84267 http://www.securityfocus.com/bid/84267 Debian Security Information: DSA-3514 (Google Search) http://www.debian.org/security/2016/dsa-3514 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178730.html http://www.securitytracker.com/id/1035220 SuSE Security Announcement: SUSE-SU-2016:0814 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html SuSE Security Announcement: SUSE-SU-2016:0816 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html SuSE Security Announcement: SUSE-SU-2016:0837 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html SuSE Security Announcement: SUSE-SU-2016:0905 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html SuSE Security Announcement: openSUSE-SU-2016:0813 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html SuSE Security Announcement: openSUSE-SU-2016:0877 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html SuSE Security Announcement: openSUSE-SU-2016:1064 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html SuSE Security Announcement: openSUSE-SU-2016:1106 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html SuSE Security Announcement: openSUSE-SU-2016:1107 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://www.ubuntu.com/usn/USN-2922-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.