Permissions, Privileges, and Access Controls in Samba
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU32351
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-8467
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamba: 3.4.0 - 4.1.21
CPE2.3- cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
https://www.debian.org/security/2016/dsa-3433
https://www.securityfocus.com/bid/79735
https://www.securitytracker.com/id/1034493
https://www.ubuntu.com/usn/USN-2855-1
https://www.ubuntu.com/usn/USN-2855-2
https://bugzilla.redhat.com/show_bug.cgi?id=1290294
https://git.samba.org/?p=samba.git;a=commit;h=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-8467.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
