Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Samba: altering AD DC LDAP objects

January 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When Samba is configured as an Active Directory Domain Controller, an authenticated attacker can alter LDAP objects.

- Impacted products: Fedora, Samba
- Severity: 2/4
- Creation date: 15/01/2013

DESCRIPTION OF THE VULNERABILITY

The Samba server can be configured as an Active Directory domain controller. An AD uses LDAP objects to represent resources (users, computers, etc.).

The access control to object is defined by its "objectClass". However, if an user owns a right (such as the read right) on an object, then he automatically gains the write privilege on this object. Moreover, if the user owns the writing right on an attribute of the object, then he gains the writing right on all attributes of the object.

When Samba is configured as an Active Directory Domain Controller, an authenticated attacker can therefore alter LDAP objects.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/S...




See previous articles

    

See next articles