7.9 - CVE-2014-3560

Executive Summary

Informations
Name	CVE-2014-3560	First vendor Publication	2014-08-06
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.9	Attack Range	Adjacent network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	5.5	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26046

Oval ID:	oval:org.mitre.oval:def:26046
Title:	RHSA-2014:1008: samba security and bug fix update (Important)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. (CVE-2014-3560) This update also fixes the following bug: * Prior to this update, Samba incorrectly used the O_TRUNC flag when using the open(2) system call to access the contents of a file that was already opened by a different process, causing the file's previous contents to be removed. With this update, the O_TRUNC flag is no longer used in the above scenario, and file corruption no longer occurs. (BZ#1115490) All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1008-00 CESA-2014:1008 CVE-2014-3560	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	samba
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section libsmbclient is earlier than 0:4.1.1-37.el7_0 AND libsmbclient-devel is earlier than 0:4.1.1-37.el7_0 AND libwbclient is earlier than 0:4.1.1-37.el7_0 AND libwbclient-devel is earlier than 0:4.1.1-37.el7_0 AND samba is earlier than 0:4.1.1-37.el7_0 AND samba-client is earlier than 0:4.1.1-37.el7_0 AND samba-common is earlier than 0:4.1.1-37.el7_0 AND samba-dc is earlier than 0:4.1.1-37.el7_0 AND samba-dc-libs is earlier than 0:4.1.1-37.el7_0 AND samba-devel is earlier than 0:4.1.1-37.el7_0 AND samba-libs is earlier than 0:4.1.1-37.el7_0 AND samba-pidl is earlier than 0:4.1.1-37.el7_0 AND samba-python is earlier than 0:4.1.1-37.el7_0 AND samba-test is earlier than 0:4.1.1-37.el7_0 AND samba-test-devel is earlier than 0:4.1.1-37.el7_0 AND samba-vfs-glusterfs is earlier than 0:4.1.1-37.el7_0 AND samba-winbind is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-clients is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-krb5-locator is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-modules is earlier than 0:4.1.1-37.el7_0

Definition Id: oval:org.mitre.oval:def:26191

Oval ID:	oval:org.mitre.oval:def:26191
Title:	USN-2305-1 -- samba vulnerability
Description:	Samba could be made to run programs as an administrator if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-2305-1 CVE-2014-3560	Version:	3
Platform(s):	Ubuntu 14.04	Product(s):	samba
Definition Synopsis:
Ubuntu 14.04 is installed AND samba DPKG is earlier than 2:4.1.6+dfsg-1ubuntu2.14.04.3

Definition Id: oval:org.mitre.oval:def:26357

Oval ID:	oval:org.mitre.oval:def:26357
Title:	RHSA-2014:1009: samba4 security update (Important)
Description:	Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. (CVE-2014-3560) All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1009-01 CESA-2014:1009 CVE-2014-0178 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	samba4
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section samba4 is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-client is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-common is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-dc is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-devel is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-libs is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-pidl is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-python is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-swat is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-test is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind-krb5-locator is earlier than 0:4.0.0-63.el6_5.rc4

Definition Id: oval:org.mitre.oval:def:27074

Oval ID:	oval:org.mitre.oval:def:27074
Title:	ELSA-2014-1009 -- samba4 security update (important)
Description:	[4.0.0-63.rc4] - resolves: #1126011 - CVE-2014-3560: remote code execution in nmbd. [4.0.0-62.rc4] - resolves: #1105501 - CVE-2014-0244: DoS in nmbd. - resolves: #1108842 - CVE-2014-3493: DoS in smbd with unicode path names. - resolves: #1105571 - CVE-2014-0178: Uninitialized memory exposure.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1009 CVE-2014-3560	Version:	3
Platform(s):	Oracle Linux 6	Product(s):	samba4
Definition Synopsis:
Oracle Linux 6.x Packages match section samba4 is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-client is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-common is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-dc is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-dc-libs is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-devel is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-libs is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-pidl is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-python is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-swat is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-test is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind-clients is earlier than 0:4.0.0-63.el6_5.rc4 AND samba4-winbind-krb5-locator is earlier than 0:4.0.0-63.el6_5.rc4

Definition Id: oval:org.mitre.oval:def:27260

Oval ID:	oval:org.mitre.oval:def:27260
Title:	ELSA-2014-1008 -- samba security and bug fix update (important)
Description:	[4.1.1-37] - resolves: #1126013 - CVE-2014-3560: remote code execution in nmbd. [4.1.1-36] - resolves: #1115490 - Fix potential Samba file corruption.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1008 CVE-2014-3560	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	samba
Definition Synopsis:
Oracle Linux 7.x Packages match section samba is earlier than 0:4.1.1-37.el7_0 AND libsmbclient is earlier than 0:4.1.1-37.el7_0 AND libsmbclient-devel is earlier than 0:4.1.1-37.el7_0 AND libwbclient is earlier than 0:4.1.1-37.el7_0 AND libwbclient-devel is earlier than 0:4.1.1-37.el7_0 AND samba-client is earlier than 0:4.1.1-37.el7_0 AND samba-common is earlier than 0:4.1.1-37.el7_0 AND samba-dc is earlier than 0:4.1.1-37.el7_0 AND samba-dc-libs is earlier than 0:4.1.1-37.el7_0 AND samba-devel is earlier than 0:4.1.1-37.el7_0 AND samba-libs is earlier than 0:4.1.1-37.el7_0 AND samba-pidl is earlier than 0:4.1.1-37.el7_0 AND samba-python is earlier than 0:4.1.1-37.el7_0 AND samba-test is earlier than 0:4.1.1-37.el7_0 AND samba-test-devel is earlier than 0:4.1.1-37.el7_0 AND samba-vfs-glusterfs is earlier than 0:4.1.1-37.el7_0 AND samba-winbind is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-clients is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-krb5-locator is earlier than 0:4.1.1-37.el7_0 AND samba-winbind-modules is earlier than 0:4.1.1-37.el7_0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Samba cpe:2.3:a:samba:samba:4.1.9:::::::* cpe:2.3:a:samba:samba:4.1.8:::::::* cpe:2.3:a:samba:samba:4.1.7:::::::* cpe:2.3:a:samba:samba:4.1.6:::::::* cpe:2.3:a:samba:samba:4.1.5:::::::* cpe:2.3:a:samba:samba:4.1.4:::::::* cpe:2.3:a:samba:samba:4.1.3:::::::* cpe:2.3:a:samba:samba:4.1.2:::::::* cpe:2.3:a:samba:samba:4.1.10:::::::* cpe:2.3:a:samba:samba:4.1.1:::::::* cpe:2.3:a:samba:samba:4.1.0:::::::* cpe:2.3:a:samba:samba:4.0.9:::::::* cpe:2.3:a:samba:samba:4.0.8:::::::* cpe:2.3:a:samba:samba:4.0.7:::::::* cpe:2.3:a:samba:samba:4.0.6:::::::* cpe:2.3:a:samba:samba:4.0.5:::::::* cpe:2.3:a:samba:samba:4.0.4:::::::* cpe:2.3:a:samba:samba:4.0.3:::::::* cpe:2.3:a:samba:samba:4.0.20:::::::* cpe:2.3:a:samba:samba:4.0.2:::::::* cpe:2.3:a:samba:samba:4.0.19:::::::* cpe:2.3:a:samba:samba:4.0.18:::::::* cpe:2.3:a:samba:samba:4.0.17:::::::* cpe:2.3:a:samba:samba:4.0.16:::::::* cpe:2.3:a:samba:samba:4.0.15:::::::* cpe:2.3:a:samba:samba:4.0.14:::::::* cpe:2.3:a:samba:samba:4.0.13:::::::* cpe:2.3:a:samba:samba:4.0.12:::::::* cpe:2.3:a:samba:samba:4.0.11:::::::* cpe:2.3:a:samba:samba:4.0.10:::::::* cpe:2.3:a:samba:samba:4.0.1:::::::* cpe:2.3:a:samba:samba:4.0.0:::::::*	32
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*	2

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-08-07	IAVM : 2014-B-0105 - Samba Remote Code Execution Severity : Category I - VMSKEY : V0053637

Nessus® Vulnerability Scanner

Date	Description
2014-08-21	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-507.nasl - Type : ACT_GATHER_INFO
2014-08-20	Name : The remote Fedora host is missing a security update. File : fedora_2014-9132.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1008.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-9141.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1009.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1008.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1009.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1008.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1009.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140805_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-08-04	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-213-01.nasl - Type : ACT_GATHER_INFO
2014-08-04	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_89ff45e31a5711e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-08-04	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2305-1.nasl - Type : ACT_GATHER_INFO
2014-08-01	Name : The remote Samba server is affected by a remote code execution vulnerability. File : samba_4_1_11.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280....
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864....
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
http://secunia.com/advisories/59583
http://secunia.com/advisories/59610
http://secunia.com/advisories/59976
http://www.samba.org/samba/security/CVE-2014-3560
http://www.securityfocus.com/bid/69021
http://www.securitytracker.com/id/1030663
http://www.ubuntu.com/usn/USN-2305-1
https://bugzilla.redhat.com/show_bug.cgi?id=1126010
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c44243...
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:40:55	Multiple Updates
2023-11-07 21:45:24	Multiple Updates
2021-05-04 12:32:28	Multiple Updates
2021-04-22 01:39:26	Multiple Updates
2020-05-23 00:41:06	Multiple Updates
2019-04-22 21:19:10	Multiple Updates
2017-08-29 09:24:35	Multiple Updates
2017-01-07 09:25:35	Multiple Updates
2016-04-27 00:52:11	Multiple Updates
2014-10-17 13:26:17	Multiple Updates
2014-08-22 13:26:49	Multiple Updates
2014-08-21 13:26:39	Multiple Updates
2014-08-09 13:25:11	Multiple Updates
2014-08-08 21:23:12	Multiple Updates
2014-08-07 17:22:04	Multiple Updates
2014-08-07 13:25:16	Multiple Updates
2014-08-07 00:22:00	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	35
Sources(s)	14
IAVM(s)	1
Nessus® Exploit(s)	14

	Related
7.9	USN-2305-1
7.9	RHSA-2014:1009
7.9	RHSA-2014:1008
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.9 - CVE-2014-3560

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU