Buffer overflow in Samba
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-3493 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Samba Server applications / Directory software, identity management |
| Vendor | Samba |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU32524
Risk: Low
CVSSv3.1: 1.3 [CVSS:3.1/CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-3493
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform service disruption.
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamba: 3.6.0 - 3.6.23
External linkshttp://advisories.mageia.org/MGASA-2014-0279.html
http://linux.oracle.com/errata/ELSA-2014-0866.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
http://rhn.redhat.com/errata/RHSA-2014-0866.html
http://secunia.com/advisories/59378
http://secunia.com/advisories/59407
http://secunia.com/advisories/59433
http://secunia.com/advisories/59579
http://secunia.com/advisories/59834
http://secunia.com/advisories/59848
http://secunia.com/advisories/59919
http://secunia.com/advisories/61218
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.samba.org/samba/security/CVE-2014-3493
http://www.securityfocus.com/archive/1/532757/100/0/threaded
http://www.securityfocus.com/bid/68150
http://www.securitytracker.com/id/1030455
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
http://bugzilla.redhat.com/show_bug.cgi?id=1108748
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
