CVE-2014-3560
HIGH severity · CVSS 7.9 · Code injection
Summary
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Impact & exploitability
Attack vector: Adjacent
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 56%
AV:A/AC:M/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://www.samba.org/samba/security/CVE-2014-3560 (Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
- http://secunia.com/advisories/59583
- http://secunia.com/advisories/59610
- http://secunia.com/advisories/59976
- http://www.securityfocus.com/bid/69021