CVE-2014-0178

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
sambasamba
3.6.6 ≤
𝑥
< 3.6.25
sambasamba
4.0.0 ≤
𝑥
< 4.0.18
sambasamba
4.1.0 ≤
𝑥
< 4.1.8
sambasamba
4.1.0
sambasamba
4.1.1
sambasamba
4.1.2
sambasamba
4.1.3
sambasamba
4.1.4
sambasamba
4.1.5
sambasamba
4.1.6
sambasamba
4.1.7
sambasamba
3.6.6
sambasamba
3.6.7
sambasamba
3.6.8
sambasamba
3.6.9
sambasamba
3.6.10
sambasamba
3.6.11
sambasamba
3.6.12
sambasamba
3.6.13
sambasamba
3.6.14
sambasamba
3.6.15
sambasamba
3.6.16
sambasamba
3.6.17
sambasamba
3.6.18
sambasamba
3.6.19
sambasamba
3.6.20
sambasamba
3.6.21
sambasamba
3.6.22
sambasamba
3.6.23
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
squeeze
not-affected
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
Fixed 2:4.1.6+dfsg-1ubuntu2.14.04.2
released
saucy
Fixed 2:3.6.18-1ubuntu3.3
released
precise
not-affected
lucid
not-affected
samba4
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0279.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
http://secunia.com/advisories/59378
http://secunia.com/advisories/59407
http://secunia.com/advisories/59579
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.samba.org/samba/security/CVE-2014-0178
http://www.securityfocus.com/archive/1/532757/100/0/threaded
http://www.securityfocus.com/bid/67686
http://www.securitytracker.com/id/1030308
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
http://advisories.mageia.org/MGASA-2014-0279.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
http://secunia.com/advisories/59378
http://secunia.com/advisories/59407
http://secunia.com/advisories/59579
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.samba.org/samba/security/CVE-2014-0178
http://www.securityfocus.com/archive/1/532757/100/0/threaded
http://www.securityfocus.com/bid/67686
http://www.securitytracker.com/id/1030308
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993