Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2014-0178

Published: 28/05/2014 Updated: 01/09/2022
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

Samba 3.6.6 up to and including 3.6.23, 4.0.x prior to 4.0.18, and 4.1.x prior to 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

samba samba 4.1.7

samba samba 4.1.5

samba samba 4.1.6

samba samba 4.1.4

samba samba 4.1.0

samba samba 4.1.2

samba samba 4.1.3

samba samba 4.1.1

samba samba 3.6.17

samba samba 3.6.10

samba samba 3.6.23

samba samba 3.6.9

samba samba 3.6.11

samba samba 3.6.19

samba samba 3.6.16

samba samba 3.6.12

samba samba 3.6.8

samba samba 3.6.7

samba samba 3.6.13

samba samba 3.6.22

samba samba 3.6.6

samba samba 3.6.15

samba samba 3.6.20

samba samba 3.6.18

samba samba 3.6.14

samba samba 3.6.21

Vendor Advisories

Ubuntu Security Notice: samba vulnerabilities
Several security issues were fixed in Samba ...
Debian CVElist Bug Report Logs: samba CVE-2014-0239 Potential DOS in Samba internal DNS server
Debian Bug report logs - #749845 samba CVE-2014-0239 Potential DOS in Samba internal DNS server Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@listsaliothdebianorg>; Source for samba is src:samba (PTS, buildd, popcon) Reported by: Ivo De Decker <ivodedecker@ugentbe> Date: Fri, ...
Debian Security Advisories: DSA-2966-1 samba -- security update
Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server: CVE-2014-0178 Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled CVE-2014-0244 Denial of service (infinite CPU loop) in the n ...
Red Hat: CVE-2014-0178
A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request ...

References

CWE-665http://www.samba.org/samba/security/CVE-2014-0178http://advisories.mageia.org/MGASA-2014-0279.htmlhttp://secunia.com/advisories/59579http://secunia.com/advisories/59378http://www.mandriva.com/security/advisories?name=MDVSA-2014:136http://security.gentoo.org/glsa/glsa-201502-15.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:082https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993http://www.securitytracker.com/id/1030308http://www.securityfocus.com/bid/67686http://secunia.com/advisories/59407http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.htmlhttp://www.securityfocus.com/archive/1/532757/100/0/threadedhttps://usn.ubuntu.com/2257-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-0178
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoofCVE-2024-34928CVE-2024-5291deserializationCVE-2024-4471CVE-2024-4956CVE-2024-32002CVE-2024-5227unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook