#VU32524 Buffer overflow in Samba


Published: 2014-06-23 | Updated: 2020-07-28

Vulnerability identifier: #VU32524

Vulnerability risk: Low

CVSSv3.1: 1.3 [CVSS:3.1/CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3493

CWE-ID: CWE-119

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote #AU# to perform service disruption.

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.6.0 - 3.6.23

External links
http://advisories.mageia.org/MGASA-2014-0279.html
http://linux.oracle.com/errata/ELSA-2014-0866.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
http://rhn.redhat.com/errata/RHSA-2014-0866.html
http://secunia.com/advisories/59378
http://secunia.com/advisories/59407
http://secunia.com/advisories/59433
http://secunia.com/advisories/59579
http://secunia.com/advisories/59834
http://secunia.com/advisories/59848
http://secunia.com/advisories/59919
http://secunia.com/advisories/61218
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
http://www.samba.org/samba/security/CVE-2014-3493
http://www.securityfocus.com/archive/1/532757/100/0/threaded
http://www.securityfocus.com/bid/68150
http://www.securitytracker.com/id/1030455
http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
http://bugzilla.redhat.com/show_bug.cgi?id=1108748
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE HP-UX CIFS-Server (Samba)
Buffer overflow in samba (Alpine package)
Slackware Linux update for samba
Buffer overflow in Samba