FKIE_CVE-2014-8143

Vulnerability from fkie_nvd - Published: 2015-01-17 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
secalert@redhat.comhttp://secunia.com/advisories/62594
secalert@redhat.comhttp://www.securityfocus.com/bid/72278
secalert@redhat.comhttp://www.securitytracker.com/id/1031615
secalert@redhat.comhttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2481-1
secalert@redhat.comhttps://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patchPatch
secalert@redhat.comhttps://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patchPatch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/100596
secalert@redhat.comhttps://www.samba.org/samba/security/CVE-2014-8143Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/62594
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/72278
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031615
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2481-1
af854a3a-2127-422b-91ae-364da2661108https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patchPatch
af854a3a-2127-422b-91ae-364da2661108https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patchPatch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
af854a3a-2127-422b-91ae-364da2661108https://www.samba.org/samba/security/CVE-2014-8143Patch, Vendor Advisory
Impacted products
Vendor Product Version
samba samba 4.0.0
samba samba 4.0.1
samba samba 4.0.2
samba samba 4.0.3
samba samba 4.0.4
samba samba 4.0.5
samba samba 4.0.6
samba samba 4.0.7
samba samba 4.0.8
samba samba 4.0.9
samba samba 4.0.10
samba samba 4.0.11
samba samba 4.0.12
samba samba 4.0.13
samba samba 4.0.14
samba samba 4.0.15
samba samba 4.0.16
samba samba 4.0.17
samba samba 4.0.18
samba samba 4.0.19
samba samba 4.0.20
samba samba 4.0.21
samba samba 4.0.22
samba samba 4.0.23
samba samba 4.1.0
samba samba 4.1.1
samba samba 4.1.2
samba samba 4.1.3
samba samba 4.1.4
samba samba 4.1.5
samba samba 4.1.6
samba samba 4.1.7
samba samba 4.1.8
samba samba 4.1.9
samba samba 4.1.10
samba samba 4.1.11
samba samba 4.1.12
samba samba 4.1.13
samba samba 4.1.14
samba samba 4.1.15
samba samba 4.2.0
samba samba 4.2.0
samba samba 4.2.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DEEFFF7-DF7C-4641-81A9-1CD64DC29DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2855B3F6-49B6-4D25-BEAC-4D1797D1E100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C1F1993-70A2-4104-85AF-3BECB330AB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E955458C-8F5C-4D55-9F78-9E1CB4416F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "866FF7AC-19EA-49E7-B423-9FF57839B580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A1A64C7-B039-4724-B06C-EAC898EB3B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C572E25A-4B44-426D-B637-292A08766D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D96D806-ED52-4010-9F5F-F84E33C245D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "643FC7D2-FC39-43FA-99E6-805553FE1DCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B95519-0C9D-473C-912D-E350106DC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC603E1A-7882-45F0-9E8D-157F191C0FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F9321C-B442-4081-8E4A-62BAD95239A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "012A397B-004D-489C-B06D-C0D67E26B1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "392E0C61-7718-4DBC-8F02-6F3C2CBE1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D893CD1C-31D7-4F7F-BD0B-BEF75DCB2DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "324AE9D7-C41F-493E-A1AD-FCD869D29D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "68519B1F-F315-4BBD-A4A3-4E1956D81E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF745E93-A92E-4AD7-8D42-36E9387C6915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E4B760-417E-45D1-9CE1-AEBC8936BDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0DA221-078A-49DC-B0F1-F318FD785664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72BCA7B-6338-4A7C-AE71-E0B8F6C9F2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8F6AB9-A6C4-443E-A846-EE845BE24F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C8F7D7-BAAD-4F3A-BA39-44BE0CCADFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC522377-A6CD-4513-83B4-9ADC15F76B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB9C10B-284E-48CD-A524-1A6BF828AED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70DD815-1DAA-4025-8C97-32C7D06D8AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A37DA6E-6EB7-429B-ACE0-2B1220BD62C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA25E8C-9EFA-4A01-A2F0-CD63A39EDD08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C33F47-0F28-4AE2-A895-82B5E0F4496D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EEFF35-E903-4651-A4B4-D92FF26A7509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44BD172-80FA-4260-BAFB-251A95E8C7B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09116D2-F168-4305-9A1D-88A1D42739A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "558E0B71-F79E-47B5-90CC-9C165BB15507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D7E102-DD54-43F2-B008-66F7C243477E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8066AB8C-1AE6-4DA3-91DB-4BF67DBBA279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A03CB9E-DEFC-4507-A314-5E0824A66462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6708D6E-2098-432D-820A-853032BD9A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BA346B-F7C6-4EB3-91BD-2CCC2B688AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B689AA-2074-4E9A-93BD-F910510A29AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF22E49-B259-4E13-B371-0C0173E534FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AE10A1EF-F9CE-4126-9793-FB70A1D512A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7FA4DD6C-1531-420A-B271-EB16EA05470B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AB6AEA9D-42C8-4C60-86AE-54DB2940A3B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation."
    },
    {
      "lang": "es",
      "value": "Samba 4.0.x anterior a 4.0.24, 4.1.x anterior a 4.1.16, y 4.2.x anterior a 4.2rc4, cuando un Active Directory Domain Controller (AD DC) est\u00e1 configurado, permite a usuarios remotos autenticados configurar el bit de LDB userAccountControl UF_SERVER_TRUST_ACCOUNT, y como consecuencia ganar privilegios, mediante el aprovechamiento de la delegaci\u00f3n de autoridad para la creaci\u00f3n de cuentas de usuarios o cuentas de ordenadores."
    }
  ],
  "id": "CVE-2014-8143",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-17T02:59:03.617",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62594"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/72278"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031615"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.416326"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2481-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100596"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2014-8143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.416326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2481-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.samba.org/samba/security/CVE-2014-8143"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.