CVE-2014-3560

Priority
High
Description
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x
before 4.1.11 allows remote attackers to execute arbitrary code via
unspecified vectors that modify heap memory, involving a sizeof operation
on an incorrect variable in the unstrcpy macro in string_wrappers.h.
References
Assigned-to
mdeslaur
Package
Upstream:released (4.0.21)
Ubuntu 10.04 LTS (Lucid Lynx):needed
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.0.21)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (2:3.4.7~dfsg-1ubuntu3.15)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2:3.6.3-2ubuntu2.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:4.1.6+dfsg-1ubuntu2.14.04.3)
Ubuntu 14.10 (Utopic Unicorn):released (2:4.1.8+dfsg-1ubuntu3)
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2014-10-23 21:18:45 UTC (commit 8644)