Information Disclosure

2019-01-1508:58:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.006 Low

EPSS

Percentile

78.2%

JSON

samba4 is vulnerable to information disclosure attacks. The vulnerability exists when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

CPENameOperatorVersion
samba4eq4.0.0__57.el6_4.rc4
samba4eq4.0.0__60.el6_5.rc4
samba4eq4.0.0__23.alpha11.el6
samba4eq4.0.0__61.el6_5.rc4
samba4eq4.0.0__58.el6.rc4
samba4eq4.0.0__55.el6.rc4
samba4eq4.0.0__57.el6_4.rc4
samba4eq4.0.0__60.el6_5.rc4
samba4eq4.0.0__23.alpha11.el6
samba4eq4.0.0__61.el6_5.rc4

Name	Operator	Version
samba4	eq	4.0.0__57.el6_4.rc4
samba4	eq	4.0.0__60.el6_5.rc4
samba4	eq	4.0.0__23.alpha11.el6
samba4	eq	4.0.0__61.el6_5.rc4
samba4	eq	4.0.0__58.el6.rc4
samba4	eq	4.0.0__55.el6.rc4
samba4	eq	4.0.0__57.el6_4.rc4
samba4	eq	4.0.0__60.el6_5.rc4
samba4	eq	4.0.0__23.alpha11.el6
samba4	eq	4.0.0__61.el6_5.rc4