CVE-2014-3560

Canonical Ubuntu Linux - Code Injection

Description

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

References (14)

Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1126010
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2014-3560
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030663
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59583
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69021
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2305-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59610
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59976

Scores

EPSS 0.7195
EPSS Percentile 98.8%

Details

CWE
CWE-94
Status published
Products (35)
canonical/ubuntu_linux 14.04
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
samba/samba 4.1.0
samba/samba 4.1.1
samba/samba 4.1.2
samba/samba 4.1.3
samba/samba 4.1.4
samba/samba 4.1.5
samba/samba 4.1.6
... and 25 more
Published Aug 06, 2014
Tracked Since Feb 18, 2026