Arch Linux Security Advisory ASA-201501-10 ========================================== Severity: High Date : 2015-01-19 CVE-ID : CVE-2014-8143 Package : samba Type : privilege elevation Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package samba before version 4.1.16-1 is vulnerable to privilege elevation when an Active Directory Domain Controller is configured. Resolution ========== Upgrade to 4.1.16-1. # pacman -Syu "samba>=4.1.16-1" The problem has been fixed upstream in version 4.1.16. Workaround ========== Do not delegate permission to create users or computers beyond the default of Domain Administrators. Description =========== Samba's Active Directory Domain Controller (AD DC) allows the administrator to delegate creation of user or computer accounts to specific users or groups. Samba's AD DC did not implement the additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl attributes. Most Samba deployments are not of the AD Domain Controller, but are of the classic domain controller, the file server or print server. Only the AD DC is affected by this issue. Additionally, most sites running the AD Domain Controller do not configure delegation for the creation of user or computer accounts, and so are not vulnerable to this issue, as no writes are permitted to the userAccountControl attribute, no matter what the value. Impact ====== Remote authenticated users are able to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation when an Active Directory Domain Controller (AD DC) is configured. References ========== https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8143 https://www.samba.org/samba/security/CVE-2014-8143