CVE-2014-8143

high

Description

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

References

https://www.samba.org/samba/security/CVE-2014-8143

https://exchange.xforce.ibmcloud.com/vulnerabilities/100596

https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch

https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch

http://www.ubuntu.com/usn/USN-2481-1

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326

http://www.securitytracker.com/id/1031615

http://www.securityfocus.com/bid/72278

http://secunia.com/advisories/62594

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html

Details

Source: Mitre, NVD

Published: 2015-01-17

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High