CVE-2014-0178

low

Description

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

References

http://advisories.mageia.org/MGASA-2014-0279.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

http://secunia.com/advisories/59378

http://secunia.com/advisories/59407

http://secunia.com/advisories/59579

http://security.gentoo.org/glsa/glsa-201502-15.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2014:136

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

http://www.samba.org/samba/security/CVE-2014-0178

http://www.securityfocus.com/archive/1/532757/100/0/threaded

http://www.securityfocus.com/bid/67686

http://www.securitytracker.com/id/1030308

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

Details

Source: MITRE

Published: 2014-05-28

Updated: 2018-10-09

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 84401 | IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities | Nessus | Misc. | high |
| 8752 | Samba 3.6.6 < 3.6.25 Memory Disclosure | Nessus Network Monitor | Samba | low |
| 82335 | Mandriva Linux Security Advisory : samba (MDVSA-2015:082) | Nessus | Mandriva Local Security Checks | critical |
| 81536 | GLSA-201502-15 : Samba: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 80768 | Oracle Solaris Third-Party Patch Update : samba (cve_2014_0178_information_disclosure) | Nessus | Solaris Local Security Checks | low |
| 77268 | Fedora 19 : samba-4.0.21-1.fc19 (2014-9132) | Nessus | Fedora Local Security Checks | high |
| 77013 | RHEL 6 : samba4 (RHSA-2014:1009) | Nessus | Red Hat Local Security Checks | high |
| 77010 | Oracle Linux 6 : samba4 (ELSA-2014-1009) | Nessus | Oracle Linux Local Security Checks | high |
| 77006 | CentOS 6 : samba4 (CESA-2014:1009) | Nessus | CentOS Local Security Checks | high |
| 76903 | RHEL 7 : samba (RHSA-2014:0867) | Nessus | Red Hat Local Security Checks | low |
| 76740 | Oracle Linux 7 : samba (ELSA-2014-0867) | Nessus | Oracle Linux Local Security Checks | low |
| 76523 | SuSE 11.3 Security Update : Samba (SAT Patch Number 9451) | Nessus | SuSE Local Security Checks | low |
| 76480 | Mandriva Linux Security Advisory : samba (MDVSA-2014:136) | Nessus | Mandriva Local Security Checks | low |
| 76432 | CentOS 7 : samba (CESA-2014:0867) | Nessus | CentOS Local Security Checks | low |
| 76341 | openSUSE Security Update : samba (openSUSE-SU-2014:0859-1) | Nessus | SuSE Local Security Checks | medium |
| 76340 | openSUSE Security Update : samba (openSUSE-SU-2014:0857-1) | Nessus | SuSE Local Security Checks | low |
| 76275 | Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : samba vulnerabilities (USN-2257-1) | Nessus | Ubuntu Local Security Checks | medium |
| 76223 | Fedora 20 : samba-4.1.9-3.fc20 (2014-7672) | Nessus | Fedora Local Security Checks | high |
| 76207 | Slackware 14.0 / 14.1 / current : samba (SSA:2014-175-04) | Nessus | Slackware Local Security Checks | medium |
| 76194 | Debian DSA-2966-1 : samba - security update | Nessus | Debian Local Security Checks | low |
| 3540 | Samba 4.0.x < 4.0.18 / 4.1.x < 4.1.8 Multiple Vulnerabilities | Nessus Network Monitor | Samba | medium |
| 74290 | Samba 3.5.x / 3.6.x < 3.6.25 / 4.1.x < 4.1.8 Multiple Vulnerabilities | Nessus | Misc. | low |
| 74242 | Samba 4.x < 4.0.18 Multiple Vulnerabilities | Nessus | Misc. | low |