Lucene search

[email protected]CVE-2014-0178

HistoryMay 28, 2014 - 4:58 a.m.

CVE-2014-0178

2014-05-2804:58:32

CWE-665

[email protected]

web.nvd.nist.gov

samba

vulnerability

smb

security

nvd

cve-2014-0178

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Affected configurations

NVD

Node

sambasambaRange3.6.6–3.6.25

sambasambaRange4.0.0–4.0.18

sambasambaRange4.1.0–4.1.8

Node

sambasambaMatch4.1.0

sambasambaMatch4.1.1

sambasambaMatch4.1.2

sambasambaMatch4.1.3

sambasambaMatch4.1.4

sambasambaMatch4.1.5

sambasambaMatch4.1.6

sambasambaMatch4.1.7

Node

sambasambaMatch3.6.6

sambasambaMatch3.6.7

sambasambaMatch3.6.8

sambasambaMatch3.6.9

sambasambaMatch3.6.10

sambasambaMatch3.6.11

sambasambaMatch3.6.12

sambasambaMatch3.6.13

sambasambaMatch3.6.14

sambasambaMatch3.6.15

sambasambaMatch3.6.16

sambasambaMatch3.6.17

sambasambaMatch3.6.18

sambasambaMatch3.6.19

sambasambaMatch3.6.20

sambasambaMatch3.6.21

sambasambaMatch3.6.22

sambasambaMatch3.6.23

CPENameOperatorVersion
samba:sambasambalt3.6.25
samba:sambasambalt4.0.18
samba:sambasambalt4.1.8

CPE	Name	Operator	Version
samba:samba	samba	lt	3.6.25
samba:samba	samba	lt	4.0.18
samba:samba	samba	lt	4.1.8

References

advisories.mageia.org/MGASA-2014-0279.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

secunia.com/advisories/59378

secunia.com/advisories/59407

secunia.com/advisories/59579

security.gentoo.org/glsa/glsa-201502-15.xml

www.mandriva.com/security/advisories?name=MDVSA-2014:136

www.mandriva.com/security/advisories?name=MDVSA-2015:082

www.samba.org/samba/security/CVE-2014-0178

www.securityfocus.com/archive/1/532757/100/0/threaded

www.securityfocus.com/bid/67686

www.securitytracker.com/id/1030308

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2014-0178

ibm2 samba1 openvas18 nessus22 prion1 nvd1 cvelist1 ubuntucve1 veracode1 debiancve1 altlinux3 redhat2 oraclelinux2 mageia1 debian1 centos2 osv1 slackware1 securityvulns2 ubuntu1 fedora5 gentoo1