A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request.
Find out more about CVE-2014-0178 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the version of samba4 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having Low security impact, a future update may address this flaw.
| Base Score | 1.4 |
|---|---|
| Base Metrics | AV:A/AC:H/Au:S/C:P/I:N/A:N |
| Access Vector | Adjacent Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (samba) | RHSA-2014:0867 | 2014-07-09 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2014:1009 | 2014-08-05 |
| Platform | Package | State |
|---|---|---|
| Red Hat Gluster Storage 2.1 | samba | Will not fix |
| Red Hat Enterprise Linux 6 | samba | Not affected |
| Red Hat Enterprise Linux 5 | samba | Not affected |
| Red Hat Enterprise Linux 5 | samba3x | Not affected |
| Red Hat Enterprise Linux 4 | samba | Not affected |
Vulmon