CVE-2014-8143
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-8143
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-8143.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2014-8143
- Downstream
- Related
- Published
- 2015-01-17T02:59:03Z
- Modified
- 2025-04-12T10:46:40Z
- Summary
- [none]
- Details
-
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UFSERVERTRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
- References
-
- http://secunia.com/advisories/62594
- http://www.ubuntu.com/usn/USN-2481-1
- https://www.samba.org/samba/security/CVE-2014-8143
- https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch
- https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
- http://www.securityfocus.com/bid/72278
- http://www.securitytracker.com/id/1031615
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
- https://security-tracker.debian.org/tracker/CVE-2014-8143
Affected packages
Debian:11 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:12 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source
Debian:13 / samba
Package
- Name
- samba
- Purl
- pkg:deb/debian/samba?arch=source