CVE-2014-3560

high

Description

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html

http://secunia.com/advisories/59583

http://secunia.com/advisories/59610

http://secunia.com/advisories/59976

http://www.samba.org/samba/security/CVE-2014-3560

http://www.securityfocus.com/bid/69021

http://www.securitytracker.com/id/1030663

http://www.ubuntu.com/usn/USN-2305-1

https://bugzilla.redhat.com/show_bug.cgi?id=1126010

https://exchange.xforce.ibmcloud.com/vulnerabilities/95081

https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605

https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2

Details

Source: MITRE

Published: 2014-08-06

Updated: 2019-04-22

Type: CWE-94

Risk Information

CVSS v2

Base Score: 7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH