Lucene search

RedhatCVE-2014-8143

HistoryJan 17, 2015 - 2:59 a.m.

CVE-2014-8143

2015-01-1702:59:03

CWE-264

redhat

web.nvd.nist.gov

cve-2014-8143

samba

remote

authentication

ad dc

privileges

delegation

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Affected configurations

Nvd

Node

sambasambaMatch4.0.0

sambasambaMatch4.0.1

sambasambaMatch4.0.2

sambasambaMatch4.0.3

sambasambaMatch4.0.4

sambasambaMatch4.0.5

sambasambaMatch4.0.6

sambasambaMatch4.0.7

sambasambaMatch4.0.8

sambasambaMatch4.0.9

sambasambaMatch4.0.10

sambasambaMatch4.0.11

sambasambaMatch4.0.12

sambasambaMatch4.0.13

sambasambaMatch4.0.14

sambasambaMatch4.0.15

sambasambaMatch4.0.16

sambasambaMatch4.0.17

sambasambaMatch4.0.18

sambasambaMatch4.0.19

sambasambaMatch4.0.20

sambasambaMatch4.0.21

sambasambaMatch4.0.22

sambasambaMatch4.0.23

sambasambaMatch4.1.0

sambasambaMatch4.1.1

sambasambaMatch4.1.2

sambasambaMatch4.1.3

sambasambaMatch4.1.4

sambasambaMatch4.1.5

sambasambaMatch4.1.6

sambasambaMatch4.1.7

sambasambaMatch4.1.8

sambasambaMatch4.1.9

sambasambaMatch4.1.10

sambasambaMatch4.1.11

sambasambaMatch4.1.12

sambasambaMatch4.1.13

sambasambaMatch4.1.14

sambasambaMatch4.1.15

sambasambaMatch4.2.0rc1

sambasambaMatch4.2.0rc2

sambasambaMatch4.2.0rc3

VendorProductVersionCPE
sambasamba4.0.0cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*
sambasamba4.0.1cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
sambasamba4.0.2cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
sambasamba4.0.3cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
sambasamba4.0.4cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
sambasamba4.0.5cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
sambasamba4.0.6cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
sambasamba4.0.7cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
sambasamba4.0.8cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
sambasamba4.0.9cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	4.0.0	cpe:2.3:a:samba:samba:4.0.0:::::::*
samba	samba	4.0.1	cpe:2.3:a:samba:samba:4.0.1:::::::*
samba	samba	4.0.2	cpe:2.3:a:samba:samba:4.0.2:::::::*
samba	samba	4.0.3	cpe:2.3:a:samba:samba:4.0.3:::::::*
samba	samba	4.0.4	cpe:2.3:a:samba:samba:4.0.4:::::::*
samba	samba	4.0.5	cpe:2.3:a:samba:samba:4.0.5:::::::*
samba	samba	4.0.6	cpe:2.3:a:samba:samba:4.0.6:::::::*
samba	samba	4.0.7	cpe:2.3:a:samba:samba:4.0.7:::::::*
samba	samba	4.0.8	cpe:2.3:a:samba:samba:4.0.8:::::::*
samba	samba	4.0.9	cpe:2.3:a:samba:samba:4.0.9:::::::*