CVE-2015-8467 — Improper Privilege Management in Samba

CWE-269 — Improper Privilege Management10 documents7 sources

Severity

7.5HIGHNVD

OSV5.3OSV4.0

EPSS

1.7%

top 17.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 29

Latest updateMay 17

Description

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

▶NVDsamba/samba4.0.0 — 4.1.22+2

▶debiandebian/samba< samba 2:4.1.22+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.22+dfsg-1+3

▶Ubuntusamba/samba< 2:4.1.6+dfsg-1ubuntu2.14.04.11+1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-3mw8-88mv-4wcm: The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb↗2022-05-17

▶

OSV

samba regression↗2016-02-16

▶

OSV

samba vulnerabilities↗2016-01-05

▶

OSV

CVE-2015-8467: The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb↗2015-12-29

▶

📋Vendor Advisories

Ubuntu

Samba regression↗2016-02-16

▶

Ubuntu

Samba vulnerabilities↗2016-01-05

▶

Red Hat

samba: Denial of service attack against Windows Active Directory server.↗2015-12-16

▶

Debian

CVE-2015-8467: samba - The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/sam...↗2015

▶

💬Community

Bugzilla

CVE-2015-8467 samba: Denial of service attack against Windows Active Directory server.↗2015-12-10

▶