SB2014062508 - Buffer overflow in samba (Alpine package)
Published: June 25, 2014
Security Bulletin ID
SB2014062508
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2014-3493)
The vulnerability allows a remote #AU# to perform service disruption.
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=309b701735b868b852f60a1d4a6cf6046a5982b9
- https://git.alpinelinux.org/aports/commit/?id=93413d654bcad7ee2ff55f3f900f8463ec12e1c8
- https://git.alpinelinux.org/aports/commit/?id=f627bd8b1a814a45ae23c03af368ea17cd1fae3b
- https://git.alpinelinux.org/aports/commit/?id=78b979ac65ba3411be0c978f668d87fd432bf2ac