CVE-2014-3560

Priority
High
Description
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x
before 4.1.11 allows remote attackers to execute arbitrary code via
unspecified vectors that modify heap memory, involving a sizeof operation
on an incorrect variable in the unstrcpy macro in string_wrappers.h.
References
Assigned-to
mdeslaur
Package
Upstream:released (4.0.21)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.0.21)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2:3.6.3-2ubuntu2.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:4.1.6+dfsg-1ubuntu2.14.04.3)
Ubuntu 15.04 (Vivid Vervet):released (2:4.1.8+dfsg-1ubuntu3)
Ubuntu 15.10 (Wily Werewolf):released (2:4.1.8+dfsg-1ubuntu3)
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:21:50 UTC (commit 9756)