Vulnerability Details : CVE-2014-0178
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
Products affected by CVE-2014-0178
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0178
- EPSS score: 0.58% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~76% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
CWE ids for CVE-2014-0178
- The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0178
- http://www.securityfocus.com/archive/1/532757/100/0/threaded
  SecurityFocus. Tags: Third Party Advisory; VDB Entry
- http://www.samba.org/samba/security/CVE-2014-0178
  Samba - Security Announcement Archive. Tags: Vendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
  Tags: Mailing List; Third Party Advisory
- http://www.securitytracker.com/id/1030308
  Samba Discloses Portions of System Memory to Remote Authenticated Users - SecurityTracker. Tags: Third Party Advisory; VDB Entry
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
  HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthoriz. Tags: Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
  mandriva.com. Tags: Broken Link
- http://www.securityfocus.com/bid/67686
  Samba Uninitialized Memory Information Disclosure Vulnerability. Tags: Third Party Advisory; VDB Entry
- http://security.gentoo.org/glsa/glsa-201502-15.xml
  Samba: Multiple vulnerabilities (GLSA 201502-15) — Gentoo security. Tags: Third Party Advisory
- http://secunia.com/advisories/59407
  Tags: Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
  [SECURITY] Fedora 20 Update: samba-4.1.9-3.fc20. Tags: Mailing List; Third Party Advisory
- http://advisories.mageia.org/MGASA-2014-0279.html
  Mageia Advisory: MGASA-2014-0279 - Updated samba packages fix multiple vulnerabilities. Tags: Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
  mandriva.com. Tags: Third Party Advisory