Bugzilla – Bug 958585
VUL-0: CVE-2015-8467: samba: Microsoft MS15-096 / CVE-2015-2535 needs matching fix in Samba
Last modified: 2016-04-17 13:15:15 UTC
bugbot adjusting priority
is public https://www.samba.org/samba/security/CVE-2015-8467.html =========================================================== == Subject: Denial of service attack against Windows == Active Directory server. == == CVE ID#: CVE-2015-8467 == == Versions: Samba 4.0.0 to 4.3.2 == == Summary: Samba can expose Windows DCs to MS15-096 == Denial of service via the creation of multiple == machine accounts. == == (The Microsoft issue is CVE-2015-2535) == =========================================================== =========== Description =========== Samba, operating as an AD DC, is sometimes operated in a domain with a mix of Samba and Windows Active Directory Domain Controllers. All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as an AD DC in the same domain with Windows DCs, could be used to override the protection against the MS15-096 / CVE-2015-2535 security issue in Windows. Prior to MS16-096 it was possible to bypass the quota of machine accounts a non-administrative user could create. Pure Samba domains are not impacted, as Samba does not implement the SeMachineAccountPrivilege functionality to allow non-administrator users to create new computer objects. ================== Patch Availability ================== Patches addressing this defect have been posted to https://www.samba.org/samba/history/security.html Additionally, Samba 4.3.3, 4.2.7 and 4.1.22 have been issued as security releases to correct the defect. Samba vendors and administrators running affected versions as an AD DC in combination with Windows AD DCs are advised to pgrade or apply the patch as soon as possible. ========== Workaround ========== Only users with SeMachineAccountPrivilege can exploit this issue in Windows, removing this privilege from "Authenticated Users" can provide a mitigation. ======= Credits ======= This problem was found by Andrew Bartlett of the Samba Team and Catalyst (www.catalyst.net.nz), who also provided the fix.
This is an autogenerated message for OBS integration: This bug (958585) was mentioned in https://build.opensuse.org/request/show/349211 Factory / samba
SUSE-SU-2015:2304-1: An update that solves 6 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 295284,773464,872912,901813,902421,910378,912457,913304,923374,931854,936909,939051,947552,949022,951660,953382,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1 SUSE Linux Enterprise Server 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1 SUSE Linux Enterprise Desktop 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1
SUSE-SU-2015:2305-1: An update that solves 6 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1 SUSE Linux Enterprise Server 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1 SUSE Linux Enterprise Desktop 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1
note this only affects the AD DC, which we do not ship
openSUSE-SU-2015:2354-1: An update that solves 6 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: openSUSE Leap 42.1 (src): ldb-1.1.24-7.1, samba-4.2.4-9.2, talloc-2.1.5-7.1, tdb-1.3.8-7.1, tevent-0.9.26-7.1
openSUSE-SU-2015:2356-1: An update that solves 7 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 939050,939051,949022,951660,953382,954658,958580,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-7540,CVE-2015-8467 Sources used: openSUSE 13.2 (src): ldb-1.1.24-3.4.1, samba-4.1.22-21.1, talloc-2.1.5-2.6.1, tdb-1.3.8-3.1, tevent-0.9.26-3.1 openSUSE 13.1 (src): ldb-1.1.24-3.7.1, samba-4.1.22-3.46.1, talloc-2.1.5-7.10.1, tdb-1.3.8-4.7.1, tevent-0.9.26-4.7.1
done
openSUSE-SU-2016:1064-1: An update that solves 16 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 898031,901813,912457,913238,913547,914279,917376,919309,924519,936862,942716,946051,947552,949022,958581,958582,958583,958584,958585,958586,964023,966271,968222,968973,971965,972197,973031,973032,973033,973034,973036,973832,974629 CVE References: CVE-2014-8143,CVE-2015-0240,CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2015-8467,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2115,CVE-2016-2118 Sources used: openSUSE 13.2 (src): samba-4.2.4-34.1