Bug 1181638 (CVE-2014-8143) - CVE-2014-8143 samba: Privileges elevation to Active Directory Domain Controller
Summary: CVE-2014-8143 samba: Privileges elevation to Active Directory Domain Controller
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-8143
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1181641
TreeView+ depends on / blocked
 
Reported: 2015-01-13 14:13 UTC by Vasyl Kaigorodov
Modified: 2023-05-12 06:30 UTC (History)
1 user (show)

Fixed In Version: samba 4.0.24, samba 4.1.16, samba 4.2rc4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-21 15:38:43 UTC
Embargoed:


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-01-13 14:13:22 UTC
It was reported that Samba's Active Directory Domain Controller allows the administrator to delegate creation of user or computer accounts to specific users or groups.
See External References for additional information.

However, all released versions of Samba's Active Directory Domain Controller did not implement the additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the userAccountControl attributes.

Most Samba deployments are not of the AD Domain Controller, but are of the classic domain controller, the file server or print server. Only the AD DC is affected by this issue.

Additionally, most sites running the AD Domain Controller do not configure delegation for the creation of user or computer accounts, and so are not vulnerable to this issue, as no writes are permitted to the userAccountControl attribute, no matter what the value.

Acknowledgements:

Red Hat would like to thank the Samba Team for reporting this issue. Upstream acknowledges Andrew Bartlett of Catalyst IT as the original reporter.

Statement:

Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5, 6 and 7, and Red Hat Storage 2.1 and 3.0, versions of samba3x as shipped with Red Hat Enterprise Linux 5, versions of samba4 as shipped with Red Hat Enterprise Linux 6, as they did not include support for Samba Active Directory Domain Controller. All shipped Samba versions are using MIT Kerberos implementation as its Kerberos infrastructure of choice. The Samba builds shipped are using MIT Kerberos implementation in order to allow system-wide interoperability between both desktop and server applications running on the same machine.

Comment 1 Martin Prpič 2015-01-21 15:38:43 UTC
External References:

https://www.samba.org/samba/security/CVE-2014-8143


Note You need to log in before you can comment on or make changes to this bug.