CVE-2014-8143
Published: 16 January 2015
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
Priority
Status
Package | Release | Status |
---|---|---|
samba | lucid | Not vulnerable |
samba | precise | Not vulnerable |
samba | trusty | Released (2:4.1.6+dfsg-1ubuntu2.14.04.4) |
samba | upstream | Released (4.0.24, 4.1.16) |
samba | utopic | Released (2:4.1.11+dfsg-1ubuntu2.1) |
samba | vivid | Released (2:4.1.11+dfsg-1ubuntu4) |
samba | wily | Released (2:4.1.11+dfsg-1ubuntu4) |
samba | xenial | Released (2:4.1.11+dfsg-1ubuntu4) |
samba | yakkety | Released (2:4.1.11+dfsg-1ubuntu4) |
samba | zesty | Released (2:4.1.11+dfsg-1ubuntu4) |

Patches (samba):
- upstream: https://git.samba.org/?p=samba.git;a=commit;h=9e15786d093ac984262394510333cb3c3d512e1a
- upstream: https://git.samba.org/?p=samba.git;a=commit;h=f2cb9b99235ebfdd0d53c3ebdaaac44f8b958311
- upstream: https://git.samba.org/?p=samba.git;a=commit;h=3c93b5772ef002569810b01c39faac8b34168f05
- upstream: https://git.samba.org/?p=samba.git;a=commit;h=5cc1c0ec403358d08e208a38feae11631510ab72

Package | Release | Status |
---|---|---|
samba4 | lucid | Ignored (end of life) |
samba4 | precise | Ignored (end of life) |
samba4 | trusty | Does not exist |
samba4 | upstream | Released (4.0.24, 4.1.16) |
samba4 | utopic | Does not exist |
samba4 | vivid | Does not exist |
samba4 | wily | Does not exist |
samba4 | xenial | Does not exist |
samba4 | yakkety | Does not exist |
samba4 | zesty | Does not exist |

References
- https://www.samba.org/samba/security/CVE-2014-8143
- https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch
- https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch
- https://ubuntu.com/security/notices/USN-2481-1
- https://www.cve.org/CVERecord?id=CVE-2014-8143
- NVD
- Launchpad
- Debian