7.5

CVE-2015-8467

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version >= 4.0.0 < 4.1.22
SambaSamba Version >= 4.2.0 < 4.2.7
SambaSamba Version >= 4.3.0 < 4.3.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.13% 0.862
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3433
Third Party Advisory
http://www.securitytracker.com/id/1034493
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2855-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2855-2
Third Party Advisory
https://security.gentoo.org/glsa/201612-47
Third Party Advisory
http://www.securityfocus.com/bid/79735
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1290294
Third Party Advisory
Issue Tracking
https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d
https://www.samba.org/samba/security/CVE-2015-8467.html
Vendor Advisory