[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3560Date: (C)2014-08-15   (M)2023-12-22


NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.9
Exploit Score: 5.5
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1030663
SECUNIA-59583
SECUNIA-59610
SECUNIA-59976
BID-69021
FEDORA-2014-9132
FEDORA-2014-9141
USN-2305-1
http://www.samba.org/samba/security/CVE-2014-3560
https://bugzilla.redhat.com/show_bug.cgi?id=1126010
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
openSUSE-SU-2014:1040
samba-cve20143560-bo(95081)

CPE    34
cpe:/a:samba:samba:4.0.20
cpe:/a:samba:samba:4.1.10
cpe:/o:redhat:enterprise_linux:7.0
cpe:/a:samba:samba:4.0.2
...
CWE    1
CWE-94
OVAL    12
oval:org.secpod.oval:def:702146
oval:org.secpod.oval:def:203385
oval:org.secpod.oval:def:203384
oval:org.secpod.oval:def:1500668
...

© SecPod Technologies