diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-12-04 17:23:29 +1300 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2015-01-15 14:54:47 +0100 |
| commit | ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32 (patch) | |
| tree | 21d3a6df0f59ed4ca356b22417d03100c6f89d39 /source4/setup | |
| parent | 9d62b6764e99737fd7b914163237a8767d1224b1 (diff) | |
| download | samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.tar.gz samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.tar.xz samba-ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32.zip | |
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
This requires an additional control to be used in the
LSA server to add domain trust account objects.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
Diffstat (limited to 'source4/setup')
| -rw-r--r-- | source4/setup/schema_samba4.ldif | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 94aedb099d..22f0bc13d0 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -197,6 +197,7 @@ #Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1 #Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20 #Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21 +#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23 # Extended 1.3.6.1.4.1.7165.4.4.x #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 |