CVE-2014-3560

critical

Description

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

References

https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2

https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605

https://exchange.xforce.ibmcloud.com/vulnerabilities/95081

https://bugzilla.redhat.com/show_bug.cgi?id=1126010

http://www.ubuntu.com/usn/USN-2305-1

http://www.securitytracker.com/id/1030663

http://www.securityfocus.com/bid/69021

http://www.samba.org/samba/security/CVE-2014-3560

http://secunia.com/advisories/59976

http://secunia.com/advisories/59610

http://secunia.com/advisories/59583

http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html

Details

Source: Mitre, NVD

Published: 2014-08-06

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.4146