CVE-2015-8467

Priority
Description
The samldb_check_user_account_control_acl function in
dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before
4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative
privileges during creation of machine accounts, which allows remote
authenticated users to bypass intended access restrictions by leveraging
the existence of a domain with both a Samba DC and a Windows DC, a similar
issue to CVE-2015-2535.
Assigned-to
mdeslaur
Notes
mdeslaur: 4.0.0 to 4.3.2 (related to Microsoft issue CVE-2015-2535)
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2:3.6.3-2ubuntu2.12)
Ubuntu 14.04 ESM (Trusty Tahr): released (2:4.1.6+dfsg-1ubuntu2.14.04.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.3+dfsg-1ubuntu1)
Patches:
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=bf13cbd3f33c31483b172fc094b0e5946e899bc4 (4.1)
Package
Upstream: released (4.3.3, 4.2.7, 4.1.22)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-12-05 18:43:19 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)