CVE-2014-0178

Samba 3.6.6-4.1.8 - Info Disclosure

Title source: llm

Description

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

References (14)

Core 14

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/67686

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2014:136

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

Vendor Advisory x_refsource_confirm

http://www.samba.org/samba/security/CVE-2014-0178

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030308

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/532757/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201502-15.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59407

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

Third Party Advisory x_refsource_confirm

http://advisories.mageia.org/MGASA-2014-0279.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59378

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59579

Third Party Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Scores

EPSS 0.0230

EPSS Percentile 84.9%

Details

CWE

CWE-665

Status published

Products (27)

samba/samba 4.1.0

samba/samba 4.1.1

samba/samba 4.1.2

samba/samba 4.1.3

samba/samba 4.1.4

samba/samba 4.1.5

samba/samba 4.1.6

samba/samba 4.1.7

samba/samba 3.6.6

samba/samba 3.6.7

... and 17 more

Published May 28, 2014

Tracked Since Feb 18, 2026