CVE-2014-3560

samba: remote code execution in nmbd

Severity Score

7.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

NetBIOS name services daemon (nmbd) en Samba 4.0.x anterior a 4.0.21 y 4.1.x anterior a 4.1.11 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que modifican la memoria dinámica, involucrando una operación sizeof sobre una variable incorrecta en la macro unstrcpy en string_wrappers.h.

A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.

*Credits: N/A

CVSS Scores

NISTv2 7.9

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-08-01 CVE Published
2023-11-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (15)

URL	Tag	Source
http://secunia.com/advisories/59583	Third Party Advisory
http://secunia.com/advisories/59610	Third Party Advisory
http://secunia.com/advisories/59976	Third Party Advisory
http://www.securityfocus.com/bid/69021	Vdb Entry
http://www.securitytracker.com/id/1030663	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081	Vdb Entry
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605	X_refsource_confirm
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html	2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	2023-11-07
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html	2023-11-07
http://www.samba.org/samba/security/CVE-2014-3560	2023-11-07
http://www.ubuntu.com/usn/USN-2305-1	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1126010	2014-08-05
https://access.redhat.com/security/cve/CVE-2014-3560	2014-08-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.0 Search vendor "Samba" for product "Samba" and version "4.1.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.1 Search vendor "Samba" for product "Samba" and version "4.1.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.2 Search vendor "Samba" for product "Samba" and version "4.1.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.3 Search vendor "Samba" for product "Samba" and version "4.1.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.4 Search vendor "Samba" for product "Samba" and version "4.1.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.5 Search vendor "Samba" for product "Samba" and version "4.1.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.6 Search vendor "Samba" for product "Samba" and version "4.1.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.7 Search vendor "Samba" for product "Samba" and version "4.1.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.8 Search vendor "Samba" for product "Samba" and version "4.1.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.9 Search vendor "Samba" for product "Samba" and version "4.1.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.1.10 Search vendor "Samba" for product "Samba" and version "4.1.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.0 Search vendor "Samba" for product "Samba" and version "4.0.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.1 Search vendor "Samba" for product "Samba" and version "4.0.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.2 Search vendor "Samba" for product "Samba" and version "4.0.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.3 Search vendor "Samba" for product "Samba" and version "4.0.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.4 Search vendor "Samba" for product "Samba" and version "4.0.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.5 Search vendor "Samba" for product "Samba" and version "4.0.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.6 Search vendor "Samba" for product "Samba" and version "4.0.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.7 Search vendor "Samba" for product "Samba" and version "4.0.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.8 Search vendor "Samba" for product "Samba" and version "4.0.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.9 Search vendor "Samba" for product "Samba" and version "4.0.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.10 Search vendor "Samba" for product "Samba" and version "4.0.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.11 Search vendor "Samba" for product "Samba" and version "4.0.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.12 Search vendor "Samba" for product "Samba" and version "4.0.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.13 Search vendor "Samba" for product "Samba" and version "4.0.13"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.14 Search vendor "Samba" for product "Samba" and version "4.0.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.15 Search vendor "Samba" for product "Samba" and version "4.0.15"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.16 Search vendor "Samba" for product "Samba" and version "4.0.16"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.17 Search vendor "Samba" for product "Samba" and version "4.0.17"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.18 Search vendor "Samba" for product "Samba" and version "4.0.18"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.19 Search vendor "Samba" for product "Samba" and version "4.0.19"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				4.0.20 Search vendor "Samba" for product "Samba" and version "4.0.20"		-		Affected