Vulnerability CVE-2014-8143: Information

Description

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Severity: HIGH (8.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-8143

Published: Jan. 17, 2015

Modified: Sept. 8, 2017

Error type identifier: CWE-264

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
samba	sisyphus	4.1.17-alt1	4.19.6-alt1	ALT-PU-2015-1196-1	140935	Fixed
samba	p10	4.1.17-alt1	4.19.6-alt1	ALT-PU-2015-1196-1	140935	Fixed
samba	p9	4.1.17-alt1	4.14.10-alt2	ALT-PU-2015-1196-1	140935	Fixed
samba	c10f1	4.1.17-alt1	4.16.11-alt2	ALT-PU-2015-1196-1	140935	Fixed
samba	c9f2	4.1.17-alt1	4.14.14-alt0.c9.1	ALT-PU-2015-1196-1	140935	Fixed
samba	c7	4.0.25-alt0.M70P.1	4.6.15-alt1.M70C.1	ALT-PU-2015-1198-1	140937	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.samba.org/samba/security/CVE-2014-8143	Patch Vendor Advisory
https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch	Patch
https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch	Patch
62594
SSA:2015-020-01
72278
1031615
USN-2481-1
openSUSE-SU-2015:0375
openSUSE-SU-2016:1064
samba-cve20148143-priv-esc(100596)

Affected configurations:
1. Configuration 1
  cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*
  cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2014-8143: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1