Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Samba 3.6.6 <= 4.1.7 Uninitialized Memory Exposure vulnerability (CVE-2014-0178)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Samba 3.6.6 to 4.1.7 are affected by a vulnerability that allows an authenticated client to retrieve eight bytes of uninitialized server memory when a shadow-copy VFS module is enabled.
Insight
Insight
In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY response field. The uninitialized buffer is sent back to the client. A non-default VFS module providing the get_shadow_copy_data_fn() hook must be explicitly enabled for Samba to process the aforementioned client requests. Therefore, only configurations with 'shadow_copy' or 'shadow_copy2' specified for the 'vfs objects' parameter are vulnerable.
Affected Software
Affected Software
Samba versions 3.6.6 through 4.1.7.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 4.0.18, 4.1.8 or later.