CVE-2014-3493
samba: smbd unicode path names denial of service
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
La función push_ascii en smbd en Samba 3.6.x anterior a 3.6.24, 4.0.x anterior a 4.0.19 y 4.1.x anterior a 4.1.9 permite a usuarios remotos autenticados causar una denegación de servicio (corrupción de memoria y caída de demonio) a través de in intento de leer un nombre de ruta Unicode sin especificar el uso de Unicode, que conduce a un fallo de conversión de configuración de carácter que provoca una referencia a puntero inválida.
It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash.
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS ame service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-14 CVE Reserved
- 2014-06-23 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-393: Return of Wrong Status Code
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0279.html | X_refsource_confirm | |
| http://linux.oracle.com/errata/ELSA-2014-0866.html | X_refsource_confirm | |
| http://secunia.com/advisories/59378 | Third Party Advisory | |
| http://secunia.com/advisories/59407 | Third Party Advisory | |
| http://secunia.com/advisories/59433 | Third Party Advisory | |
| http://secunia.com/advisories/59579 | Third Party Advisory | |
| http://secunia.com/advisories/59834 | Third Party Advisory | |
| http://secunia.com/advisories/59848 | Third Party Advisory | |
| http://secunia.com/advisories/59919 | Third Party Advisory | |
| http://secunia.com/advisories/61218 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/532757/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/68150 | Vdb Entry | |
| http://www.securitytracker.com/id/1030455 | Vdb Entry | |
| https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1 | X_refsource_confirm | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.0 Search vendor "Samba" for product "Samba" and version "3.6.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.1 Search vendor "Samba" for product "Samba" and version "3.6.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.2 Search vendor "Samba" for product "Samba" and version "3.6.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.3 Search vendor "Samba" for product "Samba" and version "3.6.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.4 Search vendor "Samba" for product "Samba" and version "3.6.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.5 Search vendor "Samba" for product "Samba" and version "3.6.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.6 Search vendor "Samba" for product "Samba" and version "3.6.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.7 Search vendor "Samba" for product "Samba" and version "3.6.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.8 Search vendor "Samba" for product "Samba" and version "3.6.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.9 Search vendor "Samba" for product "Samba" and version "3.6.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.10 Search vendor "Samba" for product "Samba" and version "3.6.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.11 Search vendor "Samba" for product "Samba" and version "3.6.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.12 Search vendor "Samba" for product "Samba" and version "3.6.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.13 Search vendor "Samba" for product "Samba" and version "3.6.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.14 Search vendor "Samba" for product "Samba" and version "3.6.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.15 Search vendor "Samba" for product "Samba" and version "3.6.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.16 Search vendor "Samba" for product "Samba" and version "3.6.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.17 Search vendor "Samba" for product "Samba" and version "3.6.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.18 Search vendor "Samba" for product "Samba" and version "3.6.18" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.19 Search vendor "Samba" for product "Samba" and version "3.6.19" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.20 Search vendor "Samba" for product "Samba" and version "3.6.20" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.21 Search vendor "Samba" for product "Samba" and version "3.6.21" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.22 Search vendor "Samba" for product "Samba" and version "3.6.22" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 3.6.23 Search vendor "Samba" for product "Samba" and version "3.6.23" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.0 Search vendor "Samba" for product "Samba" and version "4.1.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.1 Search vendor "Samba" for product "Samba" and version "4.1.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.2 Search vendor "Samba" for product "Samba" and version "4.1.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.3 Search vendor "Samba" for product "Samba" and version "4.1.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.4 Search vendor "Samba" for product "Samba" and version "4.1.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.5 Search vendor "Samba" for product "Samba" and version "4.1.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.6 Search vendor "Samba" for product "Samba" and version "4.1.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.7 Search vendor "Samba" for product "Samba" and version "4.1.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.1.8 Search vendor "Samba" for product "Samba" and version "4.1.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.0 Search vendor "Samba" for product "Samba" and version "4.0.0" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.1 Search vendor "Samba" for product "Samba" and version "4.0.1" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.2 Search vendor "Samba" for product "Samba" and version "4.0.2" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.3 Search vendor "Samba" for product "Samba" and version "4.0.3" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.4 Search vendor "Samba" for product "Samba" and version "4.0.4" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.5 Search vendor "Samba" for product "Samba" and version "4.0.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.6 Search vendor "Samba" for product "Samba" and version "4.0.6" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.7 Search vendor "Samba" for product "Samba" and version "4.0.7" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.8 Search vendor "Samba" for product "Samba" and version "4.0.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.9 Search vendor "Samba" for product "Samba" and version "4.0.9" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.10 Search vendor "Samba" for product "Samba" and version "4.0.10" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.11 Search vendor "Samba" for product "Samba" and version "4.0.11" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.12 Search vendor "Samba" for product "Samba" and version "4.0.12" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.13 Search vendor "Samba" for product "Samba" and version "4.0.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.14 Search vendor "Samba" for product "Samba" and version "4.0.14" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.15 Search vendor "Samba" for product "Samba" and version "4.0.15" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.16 Search vendor "Samba" for product "Samba" and version "4.0.16" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.17 Search vendor "Samba" for product "Samba" and version "4.0.17" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | 4.0.18 Search vendor "Samba" for product "Samba" and version "4.0.18" | - |
Affected
| ||||||