It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash.
Find out more about CVE-2014-3493 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the versions of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of samba and samba4 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of samba as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5.
| Base Score | 2.7 |
|---|---|
| Base Metrics | AV:A/AC:L/Au:S/C:N/I:N/A:P |
| Access Vector | Adjacent Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (samba3x) | RHSA-2014:0866 | 2014-07-09 |
| Red Hat Enterprise Linux 7 (samba) | RHSA-2014:0867 | 2014-07-09 |
| Red Hat Enterprise Linux 6 (samba) | RHSA-2014:0866 | 2014-07-09 |
| Red Hat Enterprise Linux 6 (samba4) | RHSA-2014:1009 | 2014-08-05 |
| Platform | Package | State |
|---|---|---|
| Red Hat Gluster Storage 2.1 | samba | Will not fix |
| Red Hat Enterprise Linux 5 | samba | Not affected |
Vulmon