PT-2015-3399 · Samba Team+4 · Samba+3
Andrew Bartlett · Published 2015-01-15 · Updated 2024-06-15 · CVE-2014-8143
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 4.0.x through 4.0.23
Samba versions 4.1.x through 4.1.15
Samba versions 4.2.x through 4.2rc3
Description
The issue affects Samba when it is configured as an Active Directory Domain Controller (AD DC): remote authenticated users can gain privileges by setting the UF_SERVER_TRUST_ACCOUNT bit in the LDB userAccountControl attribute. This is due to a lack of control over privileges and access management. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
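An added audit example (not part of this advisory or of Samba's code): it scans an LDIF export of the directory for accounts whose userAccountControl has UF_SERVER_TRUST_ACCOUNT (0x2000) set but that are not on a list of known domain controllers. The sample LDIF, the DNs and the function names are constructed for illustration; it assumes plain `attr: value` LDIF lines and that the administrator supplies the expected DC list.

```python
import re

UF_SERVER_TRUST_ACCOUNT = 0x2000  # domain-controller account flag in userAccountControl

# Constructed sample: what an LDIF export of account entries might look like (not real data).
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=test
userAccountControl: 532480

dn: CN=WS042,CN=Computers,DC=example,DC=test
userAccountControl: 4096

dn: CN=PRINTSRV,CN=Computers,DC=example,DC=test
userAccountControl: 8192

dn: CN=alice,CN=Users,DC=example,DC=test
userAccountControl: 512
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry (simple 'attr: value' lines only; no base64/folding)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), value.strip())
        if "dn" in entry:
            yield entry

def unexpected_server_trust(text, expected_dcs):
    """Return DNs that carry UF_SERVER_TRUST_ACCOUNT but are not known DCs."""
    expected = {dn.lower() for dn in expected_dcs}
    flagged = []
    for entry in parse_ldif(text):
        try:
            uac = int(entry.get("useraccountcontrol", "0"), 0)
        except ValueError:
            continue  # unparsable value: skipped in this sketch
        if uac & UF_SERVER_TRUST_ACCOUNT and entry["dn"].lower() not in expected:
            flagged.append(entry["dn"])
    return flagged

if __name__ == "__main__":
    known = ["CN=DC1,OU=Domain Controllers,DC=example,DC=test"]  # assumed DC inventory
    for dn in unexpected_server_trust(SAMPLE_LDIF, known):
        print("unexpected UF_SERVER_TRUST_ACCOUNT:", dn)
```

On an affected, unpatched AD DC, any hit outside the expected DC list warrants review of who created or modified that account.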
Recommendations
For Samba versions 4.0.x through 4.0.23, update to version 4.0.24 or later.
For Samba versions 4.1.x through 4.1.15, update to version 4.1.16 or later.
For Samba versions 4.2.x through 4.2rc3, update to version 4.2rc4 or later.
Affected Products
Alt Linux
Samba
Suse
Ubuntu