CVE-2014-3560 — Code Injection in Samba

CWE-94 — Code Injection CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

7.9HIGHNVD

EPSS

71.9%

top 1.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 6

Latest updateMay 14

Description

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/samba< samba 2:4.1.11+dfsg-1 (bookworm)

▶Debiansamba/samba< 2:4.1.11+dfsg-1+3

▶NVDsamba/samba32 versions+31

Also affects: Ubuntu Linux 14.04, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-6xf9-6qc5-4w36: NetBIOS name services daemon (nmbd) in Samba 4↗2022-05-14

▶

OSV

CVE-2014-3560: NetBIOS name services daemon (nmbd) in Samba 4↗2014-08-06

▶

📋Vendor Advisories

Ubuntu

Samba vulnerability↗2014-08-01

▶

Red Hat

samba: remote code execution in nmbd↗2014-07-31

▶

Debian

CVE-2014-3560: samba - NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x befor...↗2014

▶

💬Community

Bugzilla

CVE-2014-3560 samba: remote code execution in nmbd [fedora-all]↗2014-08-01

▶

Bugzilla

CVE-2014-3560 samba: remote code execution in nmbd↗2014-08-01

▶