cbcvebase.
CVE-2014-3560
published 2014-08-06

Priority P262 · high · 7.9 · CVSS 2.0
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
EPSS: 56.38% (98.9th percentile)

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

Affected

40 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| debian | samba | < samba 2:4.1.11+dfsg-1 (bookworm) | samba 2:4.1.11+dfsg-1 (bookworm) |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux | | |
| samba | samba | | |

Detection & IOCs (extracted from sources)

  • Target process: nmbd (NetBIOS name services daemon) must be running and listening on the network to be exploitable
  • Attack vector requires attacker to operate a fake SMB master browser on the local network segment to send crafted packets to nmbd
  • Vulnerable code location: heap overflow triggered via the unstrcpy macro in string_wrappers.h due to sizeof on incorrect variable
  • Affected versions for detection/patching scope: Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11
  • Exploitation is limited to local network access only; cannot be triggered by traffic from a different subnet even if nmbd is exposed on the public internet
  • Only Samba 4.0.0 and higher are affected; Samba versions shipped with RHEL 5 (samba, samba3x) and RHEL 6 (samba) are not affected
  • The related nstrcpy() macro contains the same bug introduced by the same upstream commit but has no security impact as it is not used anywhere in the Samba source code

CVSS provenance

  • nvd: v2.0, 7.9 HIGH, AV:A/AC:M/Au:N/C:C/I:C/A:C
  • osv: 7.9 HIGH
  • vendor_debian: 7.9 HIGH
  • vendor_redhat: 7.9 HIGH