3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
0.084 Low
EPSS
Percentile
94.4%
The version of Samba on the remote host is 3.6.x prior to 3.6.24, 4.0.x prior to 4.0.19, or 4.1.x prior to 4.1.9 and is affected by the following vulnerabilities :
A denial of service flaw exists with ‘nmbd’. A remote attacker, with a specially crafted packet, could cause the CPU to loop the same code segment, preventing further NetBIOS name services. (CVE-2014-0244)
A denial of service flaw exists with ‘smbd’ when an authenticated client makes a non-unicode request for a valid unicode path. An invalid return code from the conversion of bad unicode to Windows character set can cause memory at an offset from the expected return buffer to be overwritten. This could allow a remote authenticated attacker to cause a denial of service. (CVE-2014-3493)
Binary data 8757.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
www.samba.org/samba/history/samba-3.6.24.html
www.samba.org/samba/history/samba-4.0.19.html
www.samba.org/samba/history/samba-4.1.9.html
www.samba.org/samba/security/CVE-2014-0244
www.samba.org/samba/security/CVE-2014-3493