fkie_cve-2014-3560
Vulnerability from fkie_nvd
Published
2014-08-06 18:55
Modified
2025-04-12 10:46
Severity ?
Summary
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
secalert@redhat.comhttp://secunia.com/advisories/59583
secalert@redhat.comhttp://secunia.com/advisories/59610
secalert@redhat.comhttp://secunia.com/advisories/59976
secalert@redhat.comhttp://www.samba.org/samba/security/CVE-2014-3560Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/69021
secalert@redhat.comhttp://www.securitytracker.com/id/1030663
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2305-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1126010
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95081
secalert@redhat.comhttps://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
secalert@redhat.comhttps://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59583
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59610
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59976
af854a3a-2127-422b-91ae-364da2661108http://www.samba.org/samba/security/CVE-2014-3560Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/69021
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030663
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2305-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1126010
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
af854a3a-2127-422b-91ae-364da2661108https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
af854a3a-2127-422b-91ae-364da2661108https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
Impacted products
Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
samba samba 4.1.0
samba samba 4.1.1
samba samba 4.1.2
samba samba 4.1.3
samba samba 4.1.4
samba samba 4.1.5
samba samba 4.1.6
samba samba 4.1.7
samba samba 4.1.8
samba samba 4.1.9
samba samba 4.1.10
samba samba 4.0.0
samba samba 4.0.1
samba samba 4.0.2
samba samba 4.0.3
samba samba 4.0.4
samba samba 4.0.5
samba samba 4.0.6
samba samba 4.0.7
samba samba 4.0.8
samba samba 4.0.9
samba samba 4.0.10
samba samba 4.0.11
samba samba 4.0.12
samba samba 4.0.13
samba samba 4.0.14
samba samba 4.0.15
samba samba 4.0.16
samba samba 4.0.17
samba samba 4.0.18
samba samba 4.0.19
samba samba 4.0.20


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB9C10B-284E-48CD-A524-1A6BF828AED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70DD815-1DAA-4025-8C97-32C7D06D8AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A37DA6E-6EB7-429B-ACE0-2B1220BD62C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA25E8C-9EFA-4A01-A2F0-CD63A39EDD08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C33F47-0F28-4AE2-A895-82B5E0F4496D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EEFF35-E903-4651-A4B4-D92FF26A7509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44BD172-80FA-4260-BAFB-251A95E8C7B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09116D2-F168-4305-9A1D-88A1D42739A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "558E0B71-F79E-47B5-90CC-9C165BB15507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D7E102-DD54-43F2-B008-66F7C243477E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8066AB8C-1AE6-4DA3-91DB-4BF67DBBA279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DEEFFF7-DF7C-4641-81A9-1CD64DC29DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2855B3F6-49B6-4D25-BEAC-4D1797D1E100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C1F1993-70A2-4104-85AF-3BECB330AB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E955458C-8F5C-4D55-9F78-9E1CB4416F10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "866FF7AC-19EA-49E7-B423-9FF57839B580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A1A64C7-B039-4724-B06C-EAC898EB3B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C572E25A-4B44-426D-B637-292A08766D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D96D806-ED52-4010-9F5F-F84E33C245D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "643FC7D2-FC39-43FA-99E6-805553FE1DCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B95519-0C9D-473C-912D-E350106DC4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC603E1A-7882-45F0-9E8D-157F191C0FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F9321C-B442-4081-8E4A-62BAD95239A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "012A397B-004D-489C-B06D-C0D67E26B1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "392E0C61-7718-4DBC-8F02-6F3C2CBE1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D893CD1C-31D7-4F7F-BD0B-BEF75DCB2DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "324AE9D7-C41F-493E-A1AD-FCD869D29D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "68519B1F-F315-4BBD-A4A3-4E1956D81E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF745E93-A92E-4AD7-8D42-36E9387C6915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E4B760-417E-45D1-9CE1-AEBC8936BDA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0DA221-078A-49DC-B0F1-F318FD785664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72BCA7B-6338-4A7C-AE71-E0B8F6C9F2F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."
    },
    {
      "lang": "es",
      "value": "NetBIOS name services daemon (nmbd) en Samba 4.0.x anterior a 4.0.21 y 4.1.x anterior a 4.1.11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados que modifican la memoria din\u00e1mica, involucrando una operaci\u00f3n sizeof sobre una variable incorrecta en la macro unstrcpy en string_wrappers.h."
    }
  ],
  "id": "CVE-2014-3560",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-06T18:55:05.683",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59583"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59610"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/59976"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2014-3560"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/69021"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030663"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2305-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59610"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2014-3560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2305-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.