Bug 1290294 (CVE-2015-8467) - CVE-2015-8467 samba: Denial of service attack against Windows Active Directory server.
Summary: CVE-2015-8467 samba: Denial of service attack against Windows Active Director...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-8467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20151216,repor...
Depends On:
Blocks: 1281327
TreeView+ depends on / blocked
 
Reported: 2015-12-10 05:45 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-06-08 20:53 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-17 04:12:57 UTC


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2015-12-10 05:45:29 UTC
As per samba upstream advisory:

Samba, operating as an AD DC, is sometimes operated in a domain with a mix of Samba and Windows Active Directory Domain Controllers.

All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as an AD DC in the same domain with Windows DCs, could be used to override the protection against the MS15-096 / CVE-2015-2535 security issue in Windows.

Prior to MS16-096 it was possible to bypass the quota of machine accounts a non-administrative user could create.  Pure Samba domains are not impacted, as Samba does not implement the SeMachineAccountPrivilege functionality to allow non-administrator users to create new computer objects.

The following mitigation was suggested by upstream:

Only users with SeMachineAccountPrivilege can exploit this issue in Windows, removing this privilege from "Authenticated Users" can provide a mitigation.

Comment 1 Huzaifa S. Sidhpurwala 2015-12-10 06:36:29 UTC
Acknowledgements:

Red Hat would like to thank the Samba project for reporting this issue. Upstream  cknowledges Andrew Bartlett of the Samba Team and Catalyst as the original reporters.

Comment 2 Huzaifa S. Sidhpurwala 2015-12-17 04:12:57 UTC
External References:

https://www.samba.org/samba/security/CVE-2015-8467.html


Note You need to log in before you can comment on or make changes to this bug.