Korean
<< Back
VID 23239
Severity 40
Port 139
Protocol TCP
Class Samba
Detailed Description According to its banner, the version of Samba running on the remote host is 4.x prior to 4.1.16 and is, therefore, potentially affected by a privilege escalation vulnerability.

The Samba server is affected by a flaw in the Active Directory Domain Controller (AD DC) component due to a failure to implement a required check on the 'UF_SERVER_TRUST_ACCOUNT' bit of the 'userAccountControl' attributes. This vulnerability could allow a remote, authenticated attacker to elevate privileges.

Note that this issue only affects Samba installations acting as Active Directory Domain Controllers that allow delegation for the creation of user or computer accounts.

* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.

* References:
https://www.samba.org/samba/security/CVE-2014-8143
http://ftp.samba.org/pub/samba/patches/security/samba-4.1.15-CVE-2014-8143.patch

* Platforms Affected:
Samba Project, Samba versions 4.x before 4.1.16
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Samba 4.1.16 or later, available from the Samba Web site at https://download.samba.org/pub/samba/
Related URL CVE-2014-8143 (CVE)
Related URL 72278 (SecurityFocus)
Related URL (ISS)