High severity7.5NVD Advisory· Published Dec 29, 2015· Updated May 6, 2026
CVE-2015-8467
CVE-2015-8467
Description
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2016/dsa-3433nvdThird Party Advisory
- www.securityfocus.com/bid/79735nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034493nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2855-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2855-2nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- security.gentoo.org/glsa/201612-47nvdThird Party Advisory
- www.samba.org/samba/security/CVE-2015-8467.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.