certfr_avis - certfr-2014-avi-339

CERTFR-2014-AVI-339

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Samba. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba versions 4.1.10 et antérieures

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2014-3560 (GCVE-0-2014-3560)

Vulnerability from cvelistv5

Published

2014-08-06 18:00

Modified

2024-08-06 10:50

Severity ?

CWE

Summary

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1126010	x_refsource_CONFIRM
	http://www.samba.org/samba/security/CVE-2014-3560	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	vendor-advisory, x_refsource_FEDORA
	https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1030663	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/59583	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/69021	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-2305-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2	x_refsource_CONFIRM
	http://secunia.com/advisories/59610	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/95081	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/59976	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:16.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/security/CVE-2014-3560"
          },
          {
            "name": "FEDORA-2014-9141",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"
          },
          {
            "name": "FEDORA-2014-9132",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"
          },
          {
            "name": "1030663",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030663"
          },
          {
            "name": "59583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59583"
          },
          {
            "name": "69021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69021"
          },
          {
            "name": "USN-2305-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2305-1"
          },
          {
            "name": "openSUSE-SU-2014:1040",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"
          },
          {
            "name": "59610",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59610"
          },
          {
            "name": "samba-cve20143560-bo(95081)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"
          },
          {
            "name": "59976",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59976"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/security/CVE-2014-3560"
        },
        {
          "name": "FEDORA-2014-9141",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"
        },
        {
          "name": "FEDORA-2014-9132",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"
        },
        {
          "name": "1030663",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030663"
        },
        {
          "name": "59583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59583"
        },
        {
          "name": "69021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69021"
        },
        {
          "name": "USN-2305-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2305-1"
        },
        {
          "name": "openSUSE-SU-2014:1040",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"
        },
        {
          "name": "59610",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59610"
        },
        {
          "name": "samba-cve20143560-bo(95081)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"
        },
        {
          "name": "59976",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59976"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3560",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"
            },
            {
              "name": "http://www.samba.org/samba/security/CVE-2014-3560",
              "refsource": "CONFIRM",
              "url": "http://www.samba.org/samba/security/CVE-2014-3560"
            },
            {
              "name": "FEDORA-2014-9141",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"
            },
            {
              "name": "FEDORA-2014-9132",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
            },
            {
              "name": "https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605",
              "refsource": "CONFIRM",
              "url": "https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605"
            },
            {
              "name": "1030663",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030663"
            },
            {
              "name": "59583",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59583"
            },
            {
              "name": "69021",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69021"
            },
            {
              "name": "USN-2305-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2305-1"
            },
            {
              "name": "openSUSE-SU-2014:1040",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"
            },
            {
              "name": "https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2",
              "refsource": "CONFIRM",
              "url": "https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"
            },
            {
              "name": "59610",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59610"
            },
            {
              "name": "samba-cve20143560-bo(95081)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"
            },
            {
              "name": "59976",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59976"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3560",
    "datePublished": "2014-08-06T18:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:16.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted