What is the severity of CVE-2014-8143?

CVE-2014-8143 is considered a high-severity vulnerability due to its potential to allow privilege escalation for authenticated users.

How do I fix CVE-2014-8143?

To fix CVE-2014-8143, update Samba to versions 4.0.24, 4.1.16, or 4.2rc4 or later.

Who is impacted by CVE-2014-8143?

CVE-2014-8143 affects Samba versions prior to 4.0.24, 4.1.16, and 4.2rc4 installed on servers acting as Active Directory Domain Controllers.

What kind of access does CVE-2014-8143 provide to attackers?

CVE-2014-8143 allows remote authenticated users to gain elevated privileges by manipulating the userAccountControl attribute.

Is CVE-2014-8143 still a risk if Samba is updated?

Once Samba is updated to the recommended versions, CVE-2014-8143 should no longer pose a risk.

Vulnerability/
CVE-2014-8143

high

8.5

CWE

264

17/1/2015

6/8/2024

CVE-2014-8143

First published: Sat Jan 17 2015(Updated: )

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Samba	=4.0.0
Samba	=4.0.1
Samba	=4.0.2
Samba	=4.0.3
Samba	=4.0.4
Samba	=4.0.5
Samba	=4.0.6
Samba	=4.0.7
Samba	=4.0.8
Samba	=4.0.9
Samba	=4.0.10
Samba	=4.0.11
Samba	=4.0.12
Samba	=4.0.13
Samba	=4.0.14
Samba	=4.0.15
Samba	=4.0.16
Samba	=4.0.17
Samba	=4.0.18
Samba	=4.0.19
Samba	=4.0.20
Samba	=4.0.21
Samba	=4.0.22
Samba	=4.0.23
Samba	=4.1.0
Samba	=4.1.1
Samba	=4.1.2
Samba	=4.1.3
Samba	=4.1.4
Samba	=4.1.5
Samba	=4.1.6
Samba	=4.1.7
Samba	=4.1.8
Samba	=4.1.9
Samba	=4.1.10
Samba	=4.1.11
Samba	=4.1.12
Samba	=4.1.13
Samba	=4.1.14
Samba	=4.1.15
Samba	=4.2.0-rc1
Samba	=4.2.0-rc2
Samba	=4.2.0-rc3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8143?
CVE-2014-8143 is considered a high-severity vulnerability due to its potential to allow privilege escalation for authenticated users.
How do I fix CVE-2014-8143?
To fix CVE-2014-8143, update Samba to versions 4.0.24, 4.1.16, or 4.2rc4 or later.
Who is impacted by CVE-2014-8143?
CVE-2014-8143 affects Samba versions prior to 4.0.24, 4.1.16, and 4.2rc4 installed on servers acting as Active Directory Domain Controllers.
What kind of access does CVE-2014-8143 provide to attackers?
CVE-2014-8143 allows remote authenticated users to gain elevated privileges by manipulating the userAccountControl attribute.
Is CVE-2014-8143 still a risk if Samba is updated?
Once Samba is updated to the recommended versions, CVE-2014-8143 should no longer pose a risk.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/severity
agent/remedy
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/samba
canonical/samba
version/samba/4.0.0
version/samba/4.0.1
version/samba/4.0.2
version/samba/4.0.3
version/samba/4.0.4
version/samba/4.0.5
version/samba/4.0.6
version/samba/4.0.7
version/samba/4.0.8
version/samba/4.0.9
version/samba/4.0.10
version/samba/4.0.11
version/samba/4.0.12
version/samba/4.0.13
version/samba/4.0.14
version/samba/4.0.15
version/samba/4.0.16
version/samba/4.0.17
version/samba/4.0.18
version/samba/4.0.19
version/samba/4.0.20
version/samba/4.0.21
version/samba/4.0.22
version/samba/4.0.23
version/samba/4.1.0
version/samba/4.1.1
version/samba/4.1.2
version/samba/4.1.3
version/samba/4.1.4
version/samba/4.1.5
version/samba/4.1.6
version/samba/4.1.7
version/samba/4.1.8
version/samba/4.1.9
version/samba/4.1.10
version/samba/4.1.11
version/samba/4.1.12
version/samba/4.1.13
version/samba/4.1.14
version/samba/4.1.15
version/samba/4.2.0-rc1
version/samba/4.2.0-rc2
version/samba/4.2.0-rc3

CVE-2014-8143

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8143?

How do I fix CVE-2014-8143?

Who is impacted by CVE-2014-8143?

What kind of access does CVE-2014-8143 provide to attackers?

Is CVE-2014-8143 still a risk if Samba is updated?

Company

Resources

Contact