Main Vulnerability Database SB2014062509

SB2014062509 - Input validation error in samba (Alpine package)

Published: June 25, 2014

Security Bulletin ID SB2014062509

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-0178)

The vulnerability allows a remote #AU# to gain access to sensitive information.

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Per: http://cwe.mitre.org/data/definitions/665.html "CWE-665: Improper Initialization"

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=78b979ac65ba3411be0c978f668d87fd432bf2ac