
Samba 4.0.x < 4.0.18 / 4.1.x < 4.1.8 Multiple Vulnerabilities



The remote version of Samba is outdated and thus affected by several vulnerabilities.


Samba 4.0.x versions older than 4.0.18 and 4.1.x versions older than 4.1.8 are unpatched for the following vulnerabilities:

- An error in the 'dns_process_send()' function in the internal DNS server can cause an infinite loop that results in denial of service, due to the server not checking the 'reply' flag in a DNS packet header when processing a request. (CVE-2014-0239)

- A flaw in the 'vfswrap_fsctl()' function that is triggered when responding to authenticated FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests can result in the exposure of eight bytes of uninitialized memory. This affects versions of Samba 3.6.6 and onward. (CVE-2014-0178)
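The missing check behind CVE-2014-0239, shown as an added C example that is not Samba's code or the patch itself: a request handler that reads the reply (QR) flag in the DNS header and refuses to answer anything that is already a reply. The function names, verdict values and sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HEADER_LEN 12      /* fixed DNS header size (RFC 1035, section 4.1.1) */
#define DNS_FLAG_QR    0x8000  /* set in replies, clear in queries */

enum dns_verdict { DNS_PROCESS = 0, DNS_DROP_SHORT = 1, DNS_DROP_REPLY = 2 };

/* Hypothetical helper: decide whether an incoming datagram may be answered. */
enum dns_verdict dns_classify_request(const uint8_t *pkt, size_t len)
{
    uint16_t flags;

    if (pkt == NULL || len < DNS_HEADER_LEN)
        return DNS_DROP_SHORT;              /* no complete header to inspect */
    flags = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (flags & DNS_FLAG_QR)
        return DNS_DROP_REPLY;              /* never answer a reply */
    return DNS_PROCESS;
}

/* Hypothetical helper: write a reply header for a query; returns bytes written,
 * or 0 when the input is dropped or the output buffer is too small. */
size_t dns_answer_header(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    if (dns_classify_request(in, in_len) != DNS_PROCESS || out_len < DNS_HEADER_LEN)
        return 0;
    memcpy(out, in, DNS_HEADER_LEN);
    out[2] |= 0x80;                         /* mark our own output as a reply */
    return DNS_HEADER_LEN;
}

/* Constructed sample headers: id, flags, qdcount, ancount, nscount, arcount. */
static const uint8_t sample_query[DNS_HEADER_LEN] = {0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0};
static const uint8_t sample_reply[DNS_HEADER_LEN] = {0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0};

int main(void)
{
    uint8_t out[DNS_HEADER_LEN];

    printf("query verdict: %d\n", dns_classify_request(sample_query, sizeof sample_query));
    printf("reply verdict: %d\n", dns_classify_request(sample_reply, sizeof sample_reply));
    printf("bytes answered for reply: %zu\n",
           dns_answer_header(sample_reply, sizeof sample_reply, out, sizeof out));
    return 0;
}
```

With the flag check in place, a header the handler produced itself is classified as a reply and is not answered again.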


Install the patch referenced in the project's advisory, or upgrade to 4.0.18, 4.1.8, or later.