7.5

CVE-2015-8467

EPSS 1.75%
Veröffentlicht 29.12.2015 22:59:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 4.0.0 < 4.1.22

Samba ≫ Samba Version >= 4.2.0 < 4.2.7

Samba ≫ Samba Version >= 4.3.0 < 4.3.3

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.04

Canonical ≫ Ubuntu Linux Version15.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.75%	0.819

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html

Third Party Advisory

Mailing List

http://www.debian.org/security/2016/dsa-3433

Third Party Advisory

http://www.securitytracker.com/id/1034493

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2855-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2855-2

Third Party Advisory

https://security.gentoo.org/glsa/201612-47

Third Party Advisory

http://www.securityfocus.com/bid/79735

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1290294

Third Party Advisory

Issue Tracking

https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d

https://www.samba.org/samba/security/CVE-2015-8467.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-8467

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8467

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8467

EUVD