Lucene search

[email protected]NVD:CVE-2014-3493

HistoryJun 23, 2014 - 2:55 p.m.

CVE-2014-3493

2014-06-2314:55:05

CWE-119

[email protected]

web.nvd.nist.gov

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.

Affected configurations

NVD

Node

sambasambaMatch3.6.0

sambasambaMatch3.6.1

sambasambaMatch3.6.2

sambasambaMatch3.6.3

sambasambaMatch3.6.4

sambasambaMatch3.6.5

sambasambaMatch3.6.6

sambasambaMatch3.6.7

sambasambaMatch3.6.8

sambasambaMatch3.6.9

sambasambaMatch3.6.10

sambasambaMatch3.6.11

sambasambaMatch3.6.12

sambasambaMatch3.6.13

sambasambaMatch3.6.14

sambasambaMatch3.6.15

sambasambaMatch3.6.16

sambasambaMatch3.6.17

sambasambaMatch3.6.18

sambasambaMatch3.6.19

sambasambaMatch3.6.20

sambasambaMatch3.6.21

sambasambaMatch3.6.22

sambasambaMatch3.6.23

Node

sambasambaMatch4.1.0

sambasambaMatch4.1.1

sambasambaMatch4.1.2

sambasambaMatch4.1.3

sambasambaMatch4.1.4

sambasambaMatch4.1.5

sambasambaMatch4.1.6

sambasambaMatch4.1.7

sambasambaMatch4.1.8

Node

sambasambaMatch4.0.0

sambasambaMatch4.0.1

sambasambaMatch4.0.2

sambasambaMatch4.0.3

sambasambaMatch4.0.4

sambasambaMatch4.0.5

sambasambaMatch4.0.6

sambasambaMatch4.0.7

sambasambaMatch4.0.8

sambasambaMatch4.0.9

sambasambaMatch4.0.10

sambasambaMatch4.0.11

sambasambaMatch4.0.12

sambasambaMatch4.0.13

sambasambaMatch4.0.14

sambasambaMatch4.0.15

sambasambaMatch4.0.16

sambasambaMatch4.0.17

sambasambaMatch4.0.18

References

advisories.mageia.org/MGASA-2014-0279.html

linux.oracle.com/errata/ELSA-2014-0866.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

rhn.redhat.com/errata/RHSA-2014-0866.html

secunia.com/advisories/59378

secunia.com/advisories/59407

secunia.com/advisories/59433

secunia.com/advisories/59579

secunia.com/advisories/59834

secunia.com/advisories/59848

secunia.com/advisories/59919

secunia.com/advisories/61218

security.gentoo.org/glsa/glsa-201502-15.xml

www.mandriva.com/security/advisories?name=MDVSA-2014:136

www.mandriva.com/security/advisories?name=MDVSA-2015:082

www.samba.org/samba/security/CVE-2014-3493

www.securityfocus.com/archive/1/532757/100/0/threaded

www.securityfocus.com/bid/68150

www.securitytracker.com/id/1030455

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1

bugzilla.redhat.com/show_bug.cgi?id=1108748

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

6.1 Medium

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

JSON

Related for NVD:CVE-2014-3493

debiancve1 ubuntucve1 ibm2 veracode1 prion1 cve1 cvelist1 samba1 redhat3 openvas22 nessus26 altlinux3 freebsd1 oraclelinux4 centos3 osv1 mageia1 debian1 ubuntu1 securityvulns2 slackware1 fedora5 gentoo1