CVE-2014-8143

Sažetak

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://secunia.com/advisories/62594
http://www.securityfocus.com/bid/72278
http://www.securitytracker.com/id/1031615
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
http://www.ubuntu.com/usn/USN-2481-1
https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch
https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
https://www.samba.org/samba/security/CVE-2014-8143

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

17-01-2015 - 02:59