Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Samba: altering AD DC LDAP objects

January 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When Samba is configured as an Active Directory Domain Controller,
an authenticated attacker can alter LDAP objects.

 Impacted products: Fedora, Samba
 Severity: 2/4
 Creation date: 15/01/2013

DESCRIPTION OF THE VULNERABILITY

The Samba server can be configured as an Active Directory domain
controller. An AD uses LDAP objects to represent resources (users,
computers, etc.).

The access control to object is defined by its "objectClass".
However, if an user owns a right (such as the read right) on an
object, then he automatically gains the write privilege on this
object. Moreover, if the user owns the writing right on an
attribute of the object, then he gains the writing right on all
attributes of the object.

When Samba is configured as an Active Directory Domain Controller,
an authenticated attacker can therefore alter LDAP objects.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Samba-altering-AD-DC-LDAP-objects-12330


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts