Vigil@nce - Samba: user creation
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker who is not fully trusted (for example, a user
delegated only account-creation rights) can create users on the Samba AD.
Impacted products: Samba, Slackware, Ubuntu
Severity: 2/4
Creation date: 15/01/2015
DESCRIPTION OF THE VULNERABILITY
The userAccountControl attribute of an Active Directory account is a
bit field whose flags describe the account's properties, for example:
– UF_ACCOUNT_DISABLE : the account is disabled
– UF_SERVER_TRUST_ACCOUNT : the account is the computer account of a domain controller
– etc.
The domain administrator can delegate to a user the right to create
user or computer accounts. However, when such a delegated user creates
an account, Samba does not check whether that user is allowed to set
the UF_SERVER_TRUST_ACCOUNT flag on the new account.
An authenticated attacker who is not fully trusted can therefore create
users on the Samba AD, including accounts flagged as domain controllers.
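The two checks a practitioner wants here are (1) the policy a domain controller should enforce at account creation, refusing UF_SERVER_TRUST_ACCOUNT from a caller who is not a domain administrator, and (2) an audit of an existing directory for accounts that already carry that flag outside the Domain Controllers container. The following Python is an added example written for this bulletin; it is not Samba code. The flag values are the standard MS-ADTS userAccountControl bits; the LDIF entries, the DN layout and the helper names (check_uac_for_creator, find_rogue_dc_accounts) are constructed for illustration.

```python
import re
from typing import Dict, List

# Subset of userAccountControl flags (standard values from MS-ADTS / MS-SAMR).
UF_ACCOUNT_DISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020
UF_NORMAL_ACCOUNT = 0x0200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_SERVER_TRUST_ACCOUNT = 0x2000      # computer account of a domain controller
UF_DONT_EXPIRE_PASSWD = 0x10000
UF_TRUSTED_FOR_DELEGATION = 0x80000

FLAG_NAMES = {
    UF_ACCOUNT_DISABLE: "UF_ACCOUNT_DISABLE",
    UF_PASSWD_NOTREQD: "UF_PASSWD_NOTREQD",
    UF_NORMAL_ACCOUNT: "UF_NORMAL_ACCOUNT",
    UF_INTERDOMAIN_TRUST_ACCOUNT: "UF_INTERDOMAIN_TRUST_ACCOUNT",
    UF_WORKSTATION_TRUST_ACCOUNT: "UF_WORKSTATION_TRUST_ACCOUNT",
    UF_SERVER_TRUST_ACCOUNT: "UF_SERVER_TRUST_ACCOUNT",
    UF_DONT_EXPIRE_PASSWD: "UF_DONT_EXPIRE_PASSWD",
    UF_TRUSTED_FOR_DELEGATION: "UF_TRUSTED_FOR_DELEGATION",
}

# Flags that only a domain administrator may set on an account. Setting either
# one makes the account a trust account (a DC or a trusted domain), not a
# plain user or workstation.
PRIVILEGED_UAC_BITS = UF_SERVER_TRUST_ACCOUNT | UF_INTERDOMAIN_TRUST_ACCOUNT


def decode_uac(value: int) -> List[str]:
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]


def check_uac_for_creator(requested_uac: int, creator_is_domain_admin: bool) -> bool:
    """Policy the DC should enforce when a delegated user creates an account:
    a caller who is not a domain administrator must not be able to set the
    trust-account flags, whatever else the delegation allows."""
    if requested_uac & PRIVILEGED_UAC_BITS and not creator_is_domain_admin:
        return False
    return True


def parse_ldif(text: str) -> List[Dict[str, str]]:
    """Minimal LDIF reader: entries separated by blank lines, one 'attr: value'
    per line (no base64 '::' values, no line folding). Enough for a dump
    produced by ldbsearch or ldapsearch on the attributes used below."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry: Dict[str, str] = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, val = line.partition(":")
            entry[key.strip()] = val.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries


def find_rogue_dc_accounts(entries: List[Dict[str, str]],
                           dc_container: str = "OU=Domain Controllers,") -> List[str]:
    """Audit: DNs of accounts flagged as domain controllers that do not live in
    the Domain Controllers container. Legitimate DCs are created there by the
    join process; a delegated user creating one elsewhere is suspicious."""
    rogue = []
    for entry in entries:
        uac = int(entry.get("userAccountControl", "0"))
        if uac & UF_SERVER_TRUST_ACCOUNT and dc_container.lower() not in entry["dn"].lower():
            rogue.append(entry["dn"])
    return rogue


# Constructed sample dump: one real DC, one workstation, one disabled user and
# one computer account in CN=Computers that carries the DC flags (532480 =
# UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION, the usual DC value).
SAMPLE_LDIF = """
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=com
objectClass: computer
sAMAccountName: DC1$
userAccountControl: 532480

dn: CN=WS01,CN=Computers,DC=example,DC=com
objectClass: computer
sAMAccountName: WS01$
userAccountControl: 4096

dn: CN=evil,CN=Computers,DC=example,DC=com
objectClass: computer
sAMAccountName: evil$
userAccountControl: 532480

dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: alice
userAccountControl: 514
"""

if __name__ == "__main__":
    for dn in find_rogue_dc_accounts(parse_ldif(SAMPLE_LDIF)):
        print("suspicious DC-flagged account:", dn)
    print("delegated user setting DC flag allowed?",
          check_uac_for_creator(UF_SERVER_TRUST_ACCOUNT, creator_is_domain_admin=False))
```

The audit half is the part to run against a real directory: export userAccountControl and dn for all computer and user objects, feed the dump to parse_ldif, and treat any DN returned by find_rogue_dc_accounts as an account to investigate and, if unexplained, disable.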
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN