3.5

CVE-2014-0178

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Data is provided by the National Vulnerability Database (NVD)
SambaSamba Version >= 3.6.6 < 3.6.25
SambaSamba Version >= 4.0.0 < 4.0.18
SambaSamba Version >= 4.1.0 < 4.1.8
SambaSamba Version4.1.0
SambaSamba Version4.1.1
SambaSamba Version4.1.2
SambaSamba Version4.1.3
SambaSamba Version4.1.4
SambaSamba Version4.1.5
SambaSamba Version4.1.6
SambaSamba Version4.1.7
SambaSamba Version3.6.6
SambaSamba Version3.6.7
SambaSamba Version3.6.8
SambaSamba Version3.6.9
SambaSamba Version3.6.10
SambaSamba Version3.6.11
SambaSamba Version3.6.12
SambaSamba Version3.6.13
SambaSamba Version3.6.14
SambaSamba Version3.6.15
SambaSamba Version3.6.16
SambaSamba Version3.6.17
SambaSamba Version3.6.18
SambaSamba Version3.6.19
SambaSamba Version3.6.20
SambaSamba Version3.6.21
SambaSamba Version3.6.22
SambaSamba Version3.6.23
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.31% 0.791
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

http://www.securityfocus.com/bid/67686
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030308
Third Party Advisory
VDB Entry