CVE-2014-8143

Published: 16 January 2015

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Priority

Status

Package	Release	Status
samba Launchpad, Ubuntu, Debian	lucid	Not vulnerable
	precise	Not vulnerable
	trusty	Released (2:4.1.6+dfsg-1ubuntu2.14.04.4)
	upstream	Released (4.0.24, 4.1.16)
	utopic	Released (2:4.1.11+dfsg-1ubuntu2.1)
	vivid	Released (2:4.1.11+dfsg-1ubuntu4)
	wily	Released (2:4.1.11+dfsg-1ubuntu4)
	xenial	Released (2:4.1.11+dfsg-1ubuntu4)
	yakkety	Released (2:4.1.11+dfsg-1ubuntu4)
	zesty	Released (2:4.1.11+dfsg-1ubuntu4)
	Patches: upstream: https://git.samba.org/?p=samba.git;a=commit;h=9e15786d093ac984262394510333cb3c3d512e1a upstream: https://git.samba.org/?p=samba.git;a=commit;h=f2cb9b99235ebfdd0d53c3ebdaaac44f8b958311 upstream: https://git.samba.org/?p=samba.git;a=commit;h=3c93b5772ef002569810b01c39faac8b34168f05 upstream: https://git.samba.org/?p=samba.git;a=commit;h=5cc1c0ec403358d08e208a38feae11631510ab72
samba4 Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Released (4.0.24, 4.1.16)
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

Bugs

https://bugzilla.samba.org/show_bug.cgi?id=10993 (private)

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›