ID de Prueba:	1.3.6.1.4.1.25623.1.0.117771
Categoría:	Privilege escalation
Título:	Samba Privilege Escalation Vulnerability (CVE-2014-8143)
Resumen:	In Samba's AD DC we neglected to ensure that attempted; modifications of the userAccountControl attribute did not allow the UF_SERVER_TRUST_ACCOUNT bit to; be set.
Descripción:	Summary: In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UF_SERVER_TRUST_ACCOUNT bit to be set. Vulnerability Insight: Samba's AD DC allows the administrator to delegate creation of user or computer accounts to specific users or groups. However, all released versions of Samba's AD DC did not implement the additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl attributes. Affected Software/OS: Samba versions 4.0.0 through 4.0.23 and 4.1.x through 4.1.15. Solution: Update to version 4.0.24, 4.1.16 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8143 BugTraq ID: 72278 http://www.securityfocus.com/bid/72278 http://www.securitytracker.com/id/1031615 http://secunia.com/advisories/62594 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.416326 SuSE Security Announcement: openSUSE-SU-2015:0375 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1064 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html http://www.ubuntu.com/usn/USN-2481-1 XForce ISS Database: samba-cve20148143-priv-esc(100596) https://exchange.xforce.ibmcloud.com/vulnerabilities/100596
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.