SB2014062510 - Slackware Linux update for samba




Published: June 25, 2014 Updated: May 6, 2017

Security Bulletin ID: SB2014062510
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 25%, Low: 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-0178)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Per: http://cwe.mitre.org/data/definitions/665.html "CWE-665: Improper Initialization"


2) Input validation error (CVE-ID: CVE-2014-0239)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
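The missing check described above, shown as an added example (not Samba's code): a handler that reads the QR bit in the 12-byte DNS header and stays silent for anything that is not a query, so a reply fed back into it cannot start a loop. The function names, the header-only REFUSED reply and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12   /* fixed DNS header size (RFC 1035, section 4.1.1) */
#define DNS_FLAG_QR 0x80 /* top bit of header byte 2: 0 = query, 1 = response */

/* Constructed sample: header of a query, ID 0x1234, RD set, QDCOUNT 1. */
static const uint8_t sample_query[DNS_HDR_LEN] = { 0x12, 0x34, 0x01, 0, 0, 1 };

/* Return 1 only for a complete header whose QR bit marks it as a query. */
int dns_is_query(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < DNS_HDR_LEN)
        return 0; /* truncated message: never answer */
    return (pkt[2] & DNS_FLAG_QR) == 0;
}

/* Hypothetical handler: header-only REFUSED reply, or 0 bytes (silent drop). */
size_t dns_handle(const uint8_t *in, size_t in_len, uint8_t *out, size_t cap)
{
    if (!dns_is_query(in, in_len) || cap < DNS_HDR_LEN)
        return 0; /* the QR check: responses and runts get no reply */
    memset(out, 0, DNS_HDR_LEN);
    out[0] = in[0]; /* echo the transaction ID */
    out[1] = in[1];
    out[2] = (uint8_t)(DNS_FLAG_QR | (in[2] & 0x79)); /* QR=1, keep OPCODE, RD */
    out[3] = 0x05; /* RCODE 5 (REFUSED) */
    return DNS_HDR_LEN;
}

/* In-process model of two servers: feed each reply back into the handler and
 * count the replies generated before one side stays silent. */
int dns_bounce_count(const uint8_t *pkt, size_t len, int max_hops)
{
    uint8_t a[DNS_HDR_LEN], b[DNS_HDR_LEN], *next = a;
    int hops;
    for (hops = 0; hops < max_hops; hops++) {
        len = dns_handle(pkt, len, next, DNS_HDR_LEN);
        if (len == 0)
            break;
        pkt = next;
        next = (next == a) ? b : a;
    }
    return hops;
}

int main(void)
{
    printf("replies: %d\n", dns_bounce_count(sample_query, DNS_HDR_LEN, 100));
    return 0;
}
```

Without the `dns_is_query` test in `dns_handle`, `dns_bounce_count` would run until `max_hops`, which is the communication loop the advisory describes.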


3) Input validation error (CVE-ID: CVE-2014-0244)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.


4) Buffer overflow (CVE-ID: CVE-2014-3493)

The vulnerability allows a remote authenticated user to perform service disruption.

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.


Remediation

Install update from vendor's website.