Slackware Linux update for samba



| Updated: 2017-05-06
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2014-8143
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Slackware Linux
Operating systems & Components / Operating system

Vendor Slackware

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU40936

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-8143

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to execute arbitrary code.

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.

Mitigation

Update the affected package samba.

Vulnerable software versions

Slackware Linux: 14.1

CPE2.3 External links

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###