Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2014-8143
Last Modified: 05 Mar 2015 09:59:48
Published: 16 Jan 2015 09:59:03
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2014-8143

Summary

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Vulnerable Systems

Application

  • Samba 4.0.0

  • Samba 4.0.1

  • Samba 4.0.10

  • Samba 4.0.11

  • Samba 4.0.12

  • Samba 4.0.13

  • Samba 4.0.14

  • Samba 4.0.15

  • Samba 4.0.16

  • Samba 4.0.17

  • Samba 4.0.18

  • Samba 4.0.19

  • Samba 4.0.2

  • Samba 4.0.20

  • Samba 4.0.21

  • Samba 4.0.22

  • Samba 4.0.23

  • Samba 4.0.3

  • Samba 4.0.4

  • Samba 4.0.5

  • Samba 4.0.6

  • Samba 4.0.7

  • Samba 4.0.8

  • Samba 4.0.9

  • Samba 4.1.0

  • Samba 4.1.1

  • Samba 4.1.10

  • Samba 4.1.11

  • Samba 4.1.12

  • Samba 4.1.13

  • Samba 4.1.14

  • Samba 4.1.15

  • Samba 4.1.2

  • Samba 4.1.3

  • Samba 4.1.4

  • Samba 4.1.5

  • Samba 4.1.6

  • Samba 4.1.7

  • Samba 4.1.8

  • Samba 4.1.9

  • Samba 4.2.0


References

CONFIRM - https://www.samba.org/samba/security/CVE-2014-8143

CONFIRM - https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch

CONFIRM - https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch

XF - samba-cve20148143-priv-esc(100596)

SLACKWARE - SSA:2015-020-01

SECTRACK - 1031615

BID - 72278

SECUNIA - 62594

UBUNTU - USN-2481-1

SUSE - openSUSE-SU-2015:0375


Last Updated: 27 May 2016 11:07:34