PT-2007-1125 · Samba+4 · Samba+4

Andrew Bartlett · Published 2007-04-10 · Updated 2024-06-15 · CVE-2015-8467

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Samba versions 4.1.x through 4.1.21
Samba versions 4.2.x through 4.2.6
Samba versions 4.3.x through 4.3.2
Description: The issue is in the samldb_check_user_account_control_acl function in Samba, which does not properly check for administrative privileges during the creation of machine accounts. This allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC.
Recommendations: For Samba versions 4.1.x through 4.1.21, update to version 4.1.22 or later. For Samba versions 4.2.x through 4.2.6, update to version 4.2.7 or later. For Samba versions 4.3.x through 4.3.2, update to version 4.3.3 or later.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

ALT-PU-2015-2138
ALT-PU-2015-2139
BDU:2016-00973
CVE-2015-8467
DSA-3433-1
ECHO-60CC-F655-504E
OPENSUSE-SU-2015_2354-1
OPENSUSE-SU-2015_2356-1
OPENSUSE-SU-2016_1064-1
OPENSUSE-SU-2024:10069-1
SUSE-SU-2015:2304-1
SUSE-SU-2015:2305-1
USN-2855-1
USN-2855-2

Affected Products

Alt Linux
Samba
SUSE
Ubuntu
Windows DC