Samba 3.6.6 up to and including 3.6.23, 4.0.x prior to 4.0.18, and 4.1.x prior to 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
samba samba |
||
samba samba 4.1.7 |
||
samba samba 4.1.5 |
||
samba samba 4.1.6 |
||
samba samba 4.1.4 |
||
samba samba 4.1.0 |
||
samba samba 4.1.2 |
||
samba samba 4.1.3 |
||
samba samba 4.1.1 |
||
samba samba 3.6.17 |
||
samba samba 3.6.10 |
||
samba samba 3.6.23 |
||
samba samba 3.6.9 |
||
samba samba 3.6.11 |
||
samba samba 3.6.19 |
||
samba samba 3.6.16 |
||
samba samba 3.6.12 |
||
samba samba 3.6.8 |
||
samba samba 3.6.7 |
||
samba samba 3.6.13 |
||
samba samba 3.6.22 |
||
samba samba 3.6.6 |
||
samba samba 3.6.15 |
||
samba samba 3.6.20 |
||
samba samba 3.6.18 |
||
samba samba 3.6.14 |
||
samba samba 3.6.21 |