CVE-2014-0178

samba: Uninitialized memory exposure

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Samba 3.6.6 hasta 3.6.23, 4.0.x anterior a 4.0.18 y 4.1.x anterior a 4.1.8, cuando cierta configuración de copia shadow vfs está habilitada, no inicializa debidamente el campo de respuesta SRV_SNAPSHOT_ARRAY, lo que permite a usuarios remotos autenticados obtener información potencialmente sensible de la memoria de procesos a través de una solicitud (1) FSCTL_GET_SHADOW_COPY_DATA o (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS.

A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-03 CVE Reserved
2014-05-28 CVE Published
2024-01-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-665: Improper Initialization

CAPEC

References (16)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0279.html	Third Party Advisory
http://secunia.com/advisories/59378	Third Party Advisory
http://secunia.com/advisories/59407	Third Party Advisory
http://secunia.com/advisories/59579	Third Party Advisory
http://www.securityfocus.com/archive/1/532757/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/67686	Third Party Advisory
http://www.securitytracker.com/id/1030308	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	2022-09-01
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html	2022-09-01
http://security.gentoo.org/glsa/glsa-201502-15.xml	2022-09-01
http://www.mandriva.com/security/advisories?name=MDVSA-2014:136	2022-09-01
http://www.mandriva.com/security/advisories?name=MDVSA-2015:082	2022-09-01
http://www.samba.org/samba/security/CVE-2014-0178	2022-09-01
https://access.redhat.com/security/cve/CVE-2014-0178	2014-08-05
https://bugzilla.redhat.com/show_bug.cgi?id=1101992	2014-08-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 3.6.6 < 3.6.25 Search vendor "Samba" for product "Samba" and version " >= 3.6.6 < 3.6.25"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.0.0 < 4.0.18 Search vendor "Samba" for product "Samba" and version " >= 4.0.0 < 4.0.18"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				>= 4.1.0 < 4.1.8 Search vendor "Samba" for product "Samba" and version " >= 4.1.0 < 4.1.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.0 Search vendor "Samba" for product "Samba" and version "4.1.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.1 Search vendor "Samba" for product "Samba" and version "4.1.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.2 Search vendor "Samba" for product "Samba" and version "4.1.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.3 Search vendor "Samba" for product "Samba" and version "4.1.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.4 Search vendor "Samba" for product "Samba" and version "4.1.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.5 Search vendor "Samba" for product "Samba" and version "4.1.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.6 Search vendor "Samba" for product "Samba" and version "4.1.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.7 Search vendor "Samba" for product "Samba" and version "4.1.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.6 Search vendor "Samba" for product "Samba" and version "3.6.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.7 Search vendor "Samba" for product "Samba" and version "3.6.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.8 Search vendor "Samba" for product "Samba" and version "3.6.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.9 Search vendor "Samba" for product "Samba" and version "3.6.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.10 Search vendor "Samba" for product "Samba" and version "3.6.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.11 Search vendor "Samba" for product "Samba" and version "3.6.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.12 Search vendor "Samba" for product "Samba" and version "3.6.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.13 Search vendor "Samba" for product "Samba" and version "3.6.13"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.14 Search vendor "Samba" for product "Samba" and version "3.6.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.15 Search vendor "Samba" for product "Samba" and version "3.6.15"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.16 Search vendor "Samba" for product "Samba" and version "3.6.16"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.17 Search vendor "Samba" for product "Samba" and version "3.6.17"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.18 Search vendor "Samba" for product "Samba" and version "3.6.18"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.19 Search vendor "Samba" for product "Samba" and version "3.6.19"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.20 Search vendor "Samba" for product "Samba" and version "3.6.20"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.21 Search vendor "Samba" for product "Samba" and version "3.6.21"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.22 Search vendor "Samba" for product "Samba" and version "3.6.22"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.6.23 Search vendor "Samba" for product "Samba" and version "3.6.23"		-		Affected