CVE-2015-8467 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-8467 PUBLISHED

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.

EPSS 1.75% · 82.4th percentile

Risk Scores

EPSS Score

1.75%

82.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	samba	0, 2:3.6.18-1ubuntu3, 2:4.0.10+dfsg-4ubuntu2
Ubuntu:16.04:LTS	samba	0, 2:4.1.17+dfsg-4ubuntu2, 2:4.1.20+dfsg-1ubuntu1

Timeline

Dec 16, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-8467 third-party-advisory
https://www.samba.org/samba/security/CVE-2015-8467.html third-party-advisory
https://ubuntu.com/security/notices/USN-2855-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2015-8467 third-party-advisory

Open in Interactive Console →