Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Samba 3.6.6 < 3.6.25 Memory Disclosure

Low

Synopsis

The remote version of Samba is outdated and affected by a memory disclosure vulnerability.

Description

An error exists related to GET_SHADOW_COPY_DATA() and FSCTL_SRV_ENUMERATE_SNAPSHOTS() request handling in which the SRV_SNAPSHOT_ARRAY response field is not properly initialized. Therefore, configurations with 'shadow_copy' or 'shadow-copy2' specified for the 'vfs objects' parameter can allow the disclosure of uninitialized memory contents.

Solution

Upgrade to 3.6.25 or later.