Executive Summary

Informations
Name CVE-2014-8143 First vendor Publication 2015-01-16
Vendor Cve Last vendor Modification 2017-09-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 8.5 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 43

Nessus® Vulnerability Scanner

Date Description
2016-04-18 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-462.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-083.nasl - Type : ACT_GATHER_INFO
2015-02-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-179.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2481-1.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Samba server is affected by a privilege escalation vulnerability.
File : samba_4_1_16.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2015-020-01.nasl - Type : ACT_GATHER_INFO
2015-01-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d4f456769d3311e48275000c292e4fd8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/72278
CONFIRM https://download.samba.org/pub/samba/patches/security/samba-4.0.23-CVE-2014-8...
https://download.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8...
https://www.samba.org/samba/security/CVE-2014-8143
SECTRACK http://www.securitytracker.com/id/1031615
SECUNIA http://secunia.com/advisories/62594
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&...
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
UBUNTU http://www.ubuntu.com/usn/USN-2481-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/100596

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Date Informations
2021-05-04 12:34:51
  • Multiple Updates
2021-04-22 01:42:23
  • Multiple Updates
2020-05-23 00:42:36
  • Multiple Updates
2017-09-08 09:23:12
  • Multiple Updates
2016-12-03 09:23:58
  • Multiple Updates
2016-04-19 13:30:03
  • Multiple Updates
2015-03-31 13:28:58
  • Multiple Updates
2015-03-06 09:23:36
  • Multiple Updates
2015-02-28 13:24:13
  • Multiple Updates
2015-02-13 17:22:35
  • Multiple Updates
2015-02-12 00:22:18
  • Multiple Updates
2015-02-11 09:23:03
  • Multiple Updates
2015-01-28 17:23:10
  • Multiple Updates
2015-01-24 13:23:48
  • Multiple Updates
2015-01-23 13:24:50
  • Multiple Updates
2015-01-22 13:25:01
  • Multiple Updates
2015-01-21 21:23:51
  • Multiple Updates
2015-01-18 13:25:06
  • Multiple Updates
2015-01-17 09:23:53
  • First insertion