#VU32524 Buffer overflow in Samba - CVE-2014-3493


| Updated: 2020-07-28

Vulnerability identifier: #VU32524

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-3493

CWE-ID: CWE-119

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote #AU# to perform service disruption.

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.6.0 - 3.6.23

External links
https://advisories.mageia.org/MGASA-2014-0279.html
https://linux.oracle.com/errata/ELSA-2014-0866.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
https://rhn.redhat.com/errata/RHSA-2014-0866.html
https://secunia.com/advisories/59378
https://secunia.com/advisories/59407
https://secunia.com/advisories/59433
https://secunia.com/advisories/59579
https://secunia.com/advisories/59834
https://secunia.com/advisories/59848
https://secunia.com/advisories/59919
https://secunia.com/advisories/61218
https://security.gentoo.org/glsa/glsa-201502-15.xml
https://www.mandriva.com/security/advisories?name=MDVSA-2014:136
https://www.mandriva.com/security/advisories?name=MDVSA-2015:082
https://www.samba.org/samba/security/CVE-2014-3493
https://www.securityfocus.com/archive/1/532757/100/0/threaded
https://www.securityfocus.com/bid/68150
https://www.securitytracker.com/id/1030455
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
https://bugzilla.redhat.com/show_bug.cgi?id=1108748
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE HP-UX CIFS-Server (Samba)
Buffer overflow in samba (Alpine package)
Slackware Linux update for samba
Buffer overflow in Samba