CVE-2015-8467
First published: Thu Dec 10 2015(Updated: )
As per samba upstream advisory: Samba, operating as an AD DC, is sometimes operated in a domain with a mix of Samba and Windows Active Directory Domain Controllers. All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as an AD DC in the same domain with Windows DCs, could be used to override the protection against the MS15-096 / <a href="https://access.redhat.com/security/cve/CVE-2015-2535">CVE-2015-2535</a> security issue in Windows. Prior to MS16-096 it was possible to bypass the quota of machine accounts a non-administrative user could create. Pure Samba domains are not impacted, as Samba does not implement the SeMachineAccountPrivilege functionality to allow non-administrator users to create new computer objects. The following mitigation was suggested by upstream: Only users with SeMachineAccountPrivilege can exploit this issue in Windows, removing this privilege from "Authenticated Users" can provide a mitigation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | >=4.0.0<4.1.22 | |
| Samba | >=4.2.0<4.2.7 | |
| Samba | >=4.3.0<4.3.3 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Ubuntu | =15.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2015-2535
- https://www.samba.org/samba/security/CVE-2015-8467.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1290294
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://www.debian.org/security/2016/dsa-3433
- http://www.securityfocus.com/bid/79735
- http://www.securitytracker.com/id/1034493
- http://www.ubuntu.com/usn/USN-2855-1
- http://www.ubuntu.com/usn/USN-2855-2
- https://git.samba.org/?p=samba.git;a=commit;h=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d
- https://security.gentoo.org/glsa/201612-47
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=b000da128b5fb519d2d3f2e7fd20e4a25b7dae7d
Frequently Asked Questions
What is the severity of CVE-2015-8467?
CVE-2015-8467 is classified as a medium severity vulnerability.
How do I fix CVE-2015-8467?
To fix CVE-2015-8467, upgrade Samba to a version higher than 4.3.3.
Which versions of Samba are affected by CVE-2015-8467?
All versions of Samba from 4.0.0 to 4.3.2 are affected by CVE-2015-8467.
What systems are vulnerable to CVE-2015-8467?
Samba deployed as an Active Directory Domain Controller in mixed environments with Windows Domain Controllers are vulnerable to CVE-2015-8467.
Is CVE-2015-8467 related to Active Directory?
Yes, CVE-2015-8467 specifically affects Samba acting as an Active Directory Domain Controller.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8467
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samba
- canonical/samba
- version/samba/4.0.0
- version/samba/4.2.0
- version/samba/4.3.0
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- version/ubuntu/15.10