8.5

CVE-2014-8143

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version4.0.0
SambaSamba Version4.0.1
SambaSamba Version4.0.2
SambaSamba Version4.0.3
SambaSamba Version4.0.4
SambaSamba Version4.0.5
SambaSamba Version4.0.6
SambaSamba Version4.0.7
SambaSamba Version4.0.8
SambaSamba Version4.0.9
SambaSamba Version4.0.10
SambaSamba Version4.0.11
SambaSamba Version4.0.12
SambaSamba Version4.0.13
SambaSamba Version4.0.14
SambaSamba Version4.0.15
SambaSamba Version4.0.16
SambaSamba Version4.0.17
SambaSamba Version4.0.18
SambaSamba Version4.0.19
SambaSamba Version4.0.20
SambaSamba Version4.0.21
SambaSamba Version4.0.22
SambaSamba Version4.0.23
SambaSamba Version4.1.0
SambaSamba Version4.1.1
SambaSamba Version4.1.2
SambaSamba Version4.1.3
SambaSamba Version4.1.4
SambaSamba Version4.1.5
SambaSamba Version4.1.6
SambaSamba Version4.1.7
SambaSamba Version4.1.8
SambaSamba Version4.1.9
SambaSamba Version4.1.10
SambaSamba Version4.1.11
SambaSamba Version4.1.12
SambaSamba Version4.1.13
SambaSamba Version4.1.14
SambaSamba Version4.1.15
SambaSamba Version4.2.0 Updaterc1
SambaSamba Version4.2.0 Updaterc2
SambaSamba Version4.2.0 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.26% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
http://secunia.com/advisories/62594
http://www.securityfocus.com/bid/72278
http://www.securitytracker.com/id/1031615
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326
http://www.ubuntu.com/usn/USN-2481-1
https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8143.patch
Patch
https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
https://www.samba.org/samba/security/CVE-2014-8143
Patch
Vendor Advisory