CVE-2014-3560
Published 2014-08-06
Priority: P2 · 62 · high · 7.9 (CVSS 2.0)
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
EPSS: 56.38% (98.9th percentile)
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | samba | < samba 2:4.1.11+dfsg-1 (bookworm) | samba 2:4.1.11+dfsg-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| samba | samba | — | — |
Detection & IOCs
- Target process: nmbd (NetBIOS name services daemon) must be running and listening on the network to be exploitable
- Attack vector requires attacker to operate a fake SMB master browser on the local network segment to send crafted packets to nmbd
- Vulnerable code location: heap overflow triggered via the unstrcpy macro in string_wrappers.h due to sizeof on incorrect variable
- Affected versions for detection/patching scope: Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11
- Exploitation is limited to local network access only; cannot be triggered by traffic from a different subnet even if nmbd is exposed on the public internet
- Only Samba 4.0.0 and higher are affected; Samba versions shipped with RHEL 5 (samba, samba3x) and RHEL 6 (samba) are not affected
- The related nstrcpy() macro contains the same bug introduced by the same upstream commit but has no security impact as it is not used anywhere in the Samba source code
CVSS provenance
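| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.9 | HIGH | AV:A/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.9 | HIGH | — |
| vendor_debian | — | 7.9 | HIGH | — |
| vendor_redhat | — | 7.9 | HIGH | — |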
GHSA
GHSA-6xf9-6qc5-4w36: NetBIOS name services daemon (nmbd) in Samba 4
ghsa_unreviewed · 2022-05-14 · HIGH · CWE-94
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
OSV
CVE-2014-3560: NetBIOS name services daemon (nmbd) in Samba 4
osv · 2014-08-06 · CVSS 7.9 · HIGH
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Ubuntu
Samba vulnerability
vendor_ubuntu · 2014-08-01
Summary: Samba could be made to run programs as an administrator if it received
specially crafted network traffic.
Volker Lendecke discovered that the Samba NetBIOS name service daemon
incorrectly handled certain memory operations. A remote attacker could use
this issue to execute arbitrary code as the root user.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
samba: remote code execution in nmbd
vendor_redhat · 2014-07-31 · CVSS 7.9 · HIGH · CWE-119
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.
Statement: This issue did not affect the versions of samba or samba3x as shipped with Red Hat Enterprise Linux 5, and the versions of samba as shipped with Red Hat Enterprise Linux 6, as it only
Debian
CVE-2014-3560: samba - NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x befor...
vendor_debian · 2014 · CVSS 7.9 · HIGH
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Scope: local
bookworm: resolved (fixed in 2:4.1.11+dfsg-1)
bullseye: resolved (fixed in 2:4.1.11+dfsg-1)
forky: resolved (fixed in 2:4.1.11+dfsg-1)
sid: resolved (fixed in 2:4.1.11+dfsg-1)
trixie: resolved (fixed in 2:4.1.11+dfsg-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3560 samba: remote code execution in nmbd [fedora-all]
bugzilla · 2014-08-01 · CVSS 7.9 · HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2014-3560 samba: remote code execution in nmbd
bugzilla · 2014-08-01 · CVSS 7.9 · HIGH
As reported in the upstream advisory and bugzilla [1]:
All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon.
A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).
Patches are available for 4.1.x [2] and 4.0.x [3].
[1] https://bugzilla.samba.org/show_bug.cgi?id=10735
[2] https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605
[3] https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
External References:
https://www.samba
References
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
- http://secunia.com/advisories/59583
- http://secunia.com/advisories/59610
- http://secunia.com/advisories/59976
- http://www.samba.org/samba/security/CVE-2014-3560
- http://www.securityfocus.com/bid/69021
- http://www.securitytracker.com/id/1030663
- http://www.ubuntu.com/usn/USN-2305-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1126010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
- https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
- https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
Published: 2014-08-06