The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html - Mailing List, Third Party Advisory | |
References | () http://www.debian.org/security/2016/dsa-3433 - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/79735 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1034493 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-2855-1 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-2855-2 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1290294 - Issue Tracking, Third Party Advisory | |
References | () https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d - | |
References | () https://security.gentoo.org/glsa/201612-47 - Third Party Advisory | |
References | () https://www.samba.org/samba/security/CVE-2015-8467.html - Vendor Advisory |
Information
Published : 2015-12-29 22:59
Updated : 2024-11-21 02:38
NVD link : CVE-2015-8467
Mitre link : CVE-2015-8467
CVE.ORG link : CVE-2015-8467
JSON object : View
Products Affected
samba
- samba
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-269
Improper Privilege Management